diff --git a/library/ix-dev/community/mealie/ci/extra-values.yaml b/library/ix-dev/community/mealie/ci/extra-values.yaml
index eb7cbc3006..1935186fa2 100644
--- a/library/ix-dev/community/mealie/ci/extra-values.yaml
+++ b/library/ix-dev/community/mealie/ci/extra-values.yaml
@@ -8,6 +8,10 @@ mealieConfig:
 defaultAdminPassword: supersecret
 baseURL: http://localhost:31000
+mealieRunAs:
+ user: 1000
+ group: 1000
+
 mealieStorage:
 pgData:
 type: pvc
diff --git a/library/ix-dev/community/mealie/metadata.yaml b/library/ix-dev/community/mealie/metadata.yaml
new file mode 100644
index 0000000000..80076f1399
--- /dev/null
+++ b/library/ix-dev/community/mealie/metadata.yaml
@@ -0,0 +1,13 @@
+runAsContext:
+ - userName: mealie
+ groupName: mealie
+ gid: 568
+ uid: 568
+ description: Mealie can runs as any non-root user.
+ - userName: postgres
+ groupName: postgres
+ gid: 999
+ uid: 999
+ description: Postgres runs as a non-root user.
+capabilities: []
+hostMounts: []
diff --git a/library/ix-dev/community/mealie/templates/_configuration.tpl b/library/ix-dev/community/mealie/templates/_configuration.tpl
new file mode 100644
index 0000000000..9a81cb93ba
--- /dev/null
+++ b/library/ix-dev/community/mealie/templates/_configuration.tpl
@@ -0,0 +1,49 @@
+{{- define "mealie.configuration" -}}
+ {{- $fullname := (include "ix.v1.common.lib.chart.names.fullname" $) -}}
+
+ {{- $dbHost := (printf "%s-postgres" $fullname) -}}
+ {{- $dbUser := "mealie" -}}
+ {{- $dbName := "mealie" -}}
+
+ {{- $dbPass := (randAlphaNum 32) -}}
+ {{- with (lookup "v1" "Secret" .Release.Namespace (printf "%s-postgres-creds" $fullname)) -}}
+ {{- $dbPass = ((index .data "POSTGRES_PASSWORD") | b64dec) -}}
+ {{- end -}}
+
+ {{- $dbURL := (printf "postgres://%s:%s@%s:5432/%s?sslmode=disable" $dbUser $dbPass $dbHost $dbName) -}}
+ {{/* Temporary set dynamic db details on values,
+ so we can print them on the notes */}}
+ {{- $_ := set .Values "mealieDbPass" $dbPass -}}
+ {{- $_ := set .Values "mealieDbHost" $dbHost -}}
+
+secret:
+ mealie:
+ enabled: true
+ data:
+ DB_ENGINE: postgres
+ POSTGRES_USER: {{ $dbUser }}
+ POSTGRES_PASSWORD: {{ $dbPass }}
+ POSTGRES_SERVER: {{ $dbHost }}
+ POSTGRES_PORT: "5432"
+ POSTGRES_DB: {{ $dbName }}
+
+ postgres-creds:
+ enabled: true
+ data:
+ POSTGRES_USER: {{ $dbUser }}
+ POSTGRES_DB: {{ $dbName }}
+ POSTGRES_PASSWORD: {{ $dbPass }}
+ POSTGRES_HOST: {{ $dbHost }}
+ POSTGRES_URL: {{ $dbURL }}
+
+configmap:
+ mealie:
+ enabled: true
+ data:
+ API_PORT: {{ .Values.mealieNetwork.webPort | quote }}
+ BASE_URL: {{ .Values.mealieConfig.baseURL | quote }}
+ ALLOW_SIGNUP: {{ .Values.mealieConfig.allowSignup | quote }}
+ DEFAULT_GROUP: {{ .Values.mealieConfig.defaultGroup | quote }}
+ DEFAULT_EMAIL: {{ .Values.mealieConfig.defaultAdminEmail | quote }}
+ DEFAULT_PASSWORD: {{ .Values.mealieConfig.defaultAdminPassword | quote }}
+{{- end -}}
diff --git a/library/ix-dev/community/mealie/templates/_mealie.tpl b/library/ix-dev/community/mealie/templates/_mealie.tpl
index 6ede46da90..571501ee7e 100644
--- a/library/ix-dev/community/mealie/templates/_mealie.tpl
+++ b/library/ix-dev/community/mealie/templates/_mealie.tpl
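Review bot: `DEFAULT_PASSWORD` is rendered under `configmap.mealie.data` in the new `_configuration.tpl`, so the initial admin password ends up as a plain ConfigMap value, readable by anything allowed to read ConfigMaps in the namespace, while the database credentials a few lines above are placed under `secret`. Move the line `DEFAULT_PASSWORD: {{ .Values.mealieConfig.defaultAdminPassword | quote }}` into `secret.mealie.data`; the `_mealie.tpl` context shows the container already loads the `mealie` secret through `envFrom`, so the variable would still reach the process. Separately, the secret entries such as `POSTGRES_PASSWORD: {{ $dbPass }}` and `POSTGRES_URL: {{ $dbURL }}` are emitted unquoted, unlike the configmap entries; piping them through `| quote` keeps a value read back from the existing Secret by `lookup` from being retyped by the YAML parser.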
@@ -12,10 +12,11 @@ workload:
 primary: true
 imageSelector: image
 securityContext:
- # TODO: Check if we can use arbitrary user IDs
- runAsUser: 911
- runAsGroup: 911
+ runAsUser: {{ .Values.mealieRunAs.user }}
+ runAsGroup: {{ .Values.mealieRunAs.group }}
 readOnlyRootFilesystem: false
+ fixedEnv:
+ PUID: {{ .Values.mealieRunAs.user }}
 envFrom:
 - secretRef:
 name: mealie
diff --git a/library/ix-dev/community/mealie/values.yaml b/library/ix-dev/community/mealie/values.yaml
index 38d2612094..50b2e6e448 100644
--- a/library/ix-dev/community/mealie/values.yaml
+++ b/library/ix-dev/community/mealie/values.yaml
@@ -16,6 +16,10 @@ mealieConfig:
 baseURL: ''
 additionalEnvs: []
+mealieRunAs:
+ user: 568
+ group: 568
+
 mealieNetwork:
 webPort: 31001
 hostNetwork: false
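Review bot: In the `_mealie.tpl` hunk, `fixedEnv` passes only `PUID: {{ .Values.mealieRunAs.user }}`, while the group chosen in `mealieRunAs.group` is applied to `runAsGroup` but has no matching variable. If the image's entrypoint also reads a group variable (commonly `PGID` in images that take `PUID`), it would keep its built-in default and could disagree with the group the container actually runs as; confirm against the image and, if so, add `PGID: {{ .Values.mealieRunAs.group }}`. The change also removes the TODO about arbitrary user IDs without leaving a comment on why the variable must mirror `runAsUser`; a one-line comment above `fixedEnv` stating that would help the next maintainer. The `workload` block starts and ends outside the hunk.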