Closed ericgraf closed 10 months ago
@ericgraf thanks for the PR. We will review this.
@rchincha I think this would help solve the issue https://github.com/project-zot/zot/issues/1760
@ericgraf can you pls take a look at the CI failures.
Hi @ericgraf, pls rebase your PR and bump up chart version to 0.1.35 in Chart.yaml file.
@rchincha @Andreea-Lupu Sorry I didn't respond.
I bumped the version chart version to 0.1.39 which is the next patch version in Chart.yaml.
I noticed https://github.com/project-zot/helm-charts/pull/31 was opened did we want to use that PR instead or continue with this one?
Hi @ericgraf we merged #31 as it was including the new test as well. Thanks again for your contribution!
Closing since changes have been merged in with https://github.com/project-zot/helm-charts/pull/31.
What type of PR is this?
bug + feature
Which issue does this PR fix:
What does this PR do / Why do we need it:
Feature: Adds support for defining extra volumes and extra volume mounts.
Bug: Following the restricted PSS standards, found here https://kubernetes.io/docs/concepts/security/pod-security-standards/, Root filesystem should be read-only and pods run as non root.
When securityContext.runAsUser is set to 1000 the pod fails trying to write to
/var/lib/registry
folder.This can be solved by mounting a pvc at /var/lib/registry but this doesn't work for HA multi-replica setups. The current chart creates a single pvc and mounts it to all the pods which is not suitable for all situations.
The solution is to allow for more flexible complex mounts like allowing for Emptydir volume mounts for read-only root filesystems.
If an issue # is not available please add repro steps and logs showing the issue:
To reproduce:
The pod will crashloop with the below error.
Testing done on this change:
Automation added to e2e:
This change modifies the deployment method not sure how to test it here. lib/integration.sh also doesn't exist in this repo.
Will this break upgrades or downgrades?
No this change is backward compatible since it introduces new fields in the values file extraVolume, extraVolumeMount and volumeClaimTemplates .
Does this PR introduce any user-facing change?:
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.