change mounts

2025-05-15 19:39:14 -05:00
parent f3b84fadf8
commit bc25fdf259
1 changed files with 20 additions and 19 deletions
--- a/clusters/cl01tl/services/talos/values.yaml
+++ b/clusters/cl01tl/services/talos/values.yaml
@@ -3,20 +3,8 @@ etcd-backup:
    main:
      type: cronjob
      pod:
-        # securityContext:
-        #   runAsUser: 1000
-        #   runAsGroup: 1000
-        #   fsGroup: 1000
-        #   runAsNonRoot: true
-        #   seccompProfile:
-        #     type: RuntimeDefault
-        affinity:
-          nodeAffinity:
-            requiredDuringSchedulingIgnoredDuringExecution:
-              nodeSelectorTerms:
-                - matchExpressions:
-                  - key: node-role.kubernetes.io/control-plane
-                    operator: Exists
+        nodeSelector:
+          node-role.kubernetes.io/control-plane: ""
        tolerations:
          - key: node-role.kubernetes.io/control-plane
            operator: Exists
@@ -40,11 +28,16 @@ etcd-backup:
          command:
            - /talos-backup
          workingDir: /tmp
-          # securityContext:
-          #   allowPrivilegeEscalation: false
-          #   capabilities:
-          #     drop:
-          #       - ALL
+          securityContext:
+            runAsUser: 1000
+            runAsGroup: 1000
+            allowPrivilegeEscalation: false
+            runAsNonRoot: true
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
          env:
            - name: AWS_ACCESS_KEY_ID
              valueFrom:
@@ -86,6 +79,14 @@ etcd-backup:
          main:
            - path: /tmp
              readOnly: false
+    talos:
+      type: emptyDir
+      medium: Memory
+      advancedMounts:
+        main:
+          main:
+            - path: /.talos
+              readOnly: false
    secret:
      enabled: true
      type: secret