From bc25fdf2596832ae0042093cd1a87fcd2f155d71 Mon Sep 17 00:00:00 2001
From: Alex Lebens
Date: Thu, 15 May 2025 19:39:14 -0500
Subject: [PATCH] change mounts
---
 clusters/cl01tl/services/talos/values.yaml | 39 +++++++++++----------
 1 file changed, 20 insertions(+), 19 deletions(-)
diff --git a/clusters/cl01tl/services/talos/values.yaml b/clusters/cl01tl/services/talos/values.yaml
index 268e8c1c9..566453f39 100644
--- a/clusters/cl01tl/services/talos/values.yaml
+++ b/clusters/cl01tl/services/talos/values.yaml
@@ -3,20 +3,8 @@ etcd-backup:
 main:
 type: cronjob
 pod:
- # securityContext:
- # runAsUser: 1000
- # runAsGroup: 1000
- # fsGroup: 1000
- # runAsNonRoot: true
- # seccompProfile:
- # type: RuntimeDefault
- affinity:
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: node-role.kubernetes.io/control-plane
- operator: Exists
+ nodeSelector:
+ node-role.kubernetes.io/control-plane: ""
 tolerations:
 - key: node-role.kubernetes.io/control-plane
 operator: Exists
@@ -40,11 +28,16 @@ etcd-backup:
 command:
 - /talos-backup
 workingDir: /tmp
- # securityContext:
- # allowPrivilegeEscalation: false
- # capabilities:
- # drop:
- # - ALL
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ allowPrivilegeEscalation: false
+ runAsNonRoot: true
+ capabilities:
+ drop:
+ - ALL
+ seccompProfile:
+ type: RuntimeDefault
 env:
 - name: AWS_ACCESS_KEY_ID
 valueFrom:
@@ -86,6 +79,14 @@ etcd-backup:
 main:
 - path: /tmp
 readOnly: false
+ talos:
+ type: emptyDir
+ medium: Memory
+ advancedMounts:
+ main:
+ main:
+ - path: /.talos
+ readOnly: false
 secret:
 enabled: true
 type: secret
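Review bot: The commented pod-level `securityContext` is deleted in the first hunk rather than enabled, so the hardening this patch switches on applies only to the one container it is set on. A pod-level `securityContext` with `runAsNonRoot: true` and `seccompProfile: {type: RuntimeDefault}` would also cover any init or sidecar container added to this controller later, which matters for a job pinned to control-plane nodes and tolerating their taint. Separately, the new `nodeSelector` value `""` matches only an empty label value, whereas the removed `operator: Exists` matched any value; a one-line comment such as `# control-plane label is expected to carry an empty value` would record that assumption. The `pod:` mapping continues outside this hunk.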
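Review bot: The container `securityContext` enabled in the second hunk still leaves the root filesystem writable; adding `readOnlyRootFilesystem: true` next to `allowPrivilegeEscalation: false` would complete the set. `/tmp` and, from the last hunk, `/.talos` are both emptyDir mounts, so the paths the binary appears to write to are already covered, though that should be confirmed with a test run of the job. The container definition continues past the end of this hunk.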
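Review bot: The `talos` emptyDir added in the third hunk uses `medium: Memory` with no size cap, so anything written under `/.talos` is held in RAM on a control-plane host. If the chart exposes it (Kubernetes' emptyDir has `sizeLimit`), add `sizeLimit: <SIZE>` under `medium: Memory`, where `<SIZE>` is a placeholder to be sized to what the backup tool actually stores there. The container should also carry a memory limit, since tmpfs usage is charged to it. A short comment such as `# tmpfs so Talos client state is never written to node disk` would record why Memory was chosen, if that is the intent. The enclosing mapping starts before this hunk.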