Comments (5)
fsGroup
seems to work.
edit deployments in the helm chart to include securityContext fsGroup, like so:
### DEPLOYMENT
apiVersion: apps/v1
kind: Deployment
metadata:
name: sonarr
labels:
{{- include "k8s-mediaserver.labels" . | nindent 4 }}
spec:
strategy:
type: Recreate
replicas: 1
selector:
matchLabels:
{{- include "k8s-mediaserver.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "k8s-mediaserver.selectorLabels" . | nindent 8 }}
app: sonarr
spec:
securityContext:
fsGroup: {{ .Values.general.pgid }}
initContainers:
#(....)
an alternative is to add an init container that does chown but from my experience that is very clunky
from k8s-mediaserver-operator.
Hi @agustinvinao, thank you for reporting this, do you mind sharing the k8s-mediaserver.yml you used for the setup? Thank you!
from k8s-mediaserver-operator.
I've cloned the repo and Im using the origin yml file.
Something I've notice is I can use any folder with abc
user (app, config, defaults and downloads). I've tried setting user and group 1000 but it doesn't work.
Im using another file for the ingress, currently have traefik accessing.
here is my values file (Im enabling and disabling differente apps for testing):
# Default values for k8s-mediaserver.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
general:
ingress_host: media.codespacelabs.com
plex_ingress_host: plex.codespacelabs.com
image_tag: latest
#UID to run the process with
puid: 1000
#GID to run the process with
pgid: 1000
#Persistent storage selections and pathing
storage:
customVolume: false #set to true if not using a PVC (must provide volume below)
pvcName: mediaserver-pvc
size: 50Gi
pvcStorageClass: longhorn
accessMode: ""
# the path starting from the top level of the pv you're passing. If your share is server.local/share/, then tv is server.local/share/media/tv
subPaths:
tv: media/tv
movies: media/movies
downloads: downloads
transmission: transmission
sabnzbd: sabnzbd
config: config
volumes:
hostPath:
path: /mnt/share
# ingress:
# ingressClassName: ""
sonarr:
enabled: true
container:
image: docker.io/linuxserver/sonarr
nodeSelector: {}
port: 8989
service:
type: ClusterIP
port: 8989
nodePort:
extraLBService: false
# Defines an additional LB service, requires cloud provider service or MetalLB
ingress:
enabled: false
annotations: {}
path: /sonarr
tls:
enabled: true
certResolver: leresolver
# secretName: ""
resources: {}
volume: {}
# name: pvc-sonarr-config
# storageClassName: longhorn
# storage: 5Gi
# accessModes: ReadWriteOnce
#annotations:
# my-annotation/test: my-value
#labels:
# my-label/test: my-other-value
#selector: {}
transmission:
enabled: true
container:
image: docker.io/linuxserver/transmission
nodeSelector: {}
port:
utp: 9091
peer: 51413
service:
utp:
type: ClusterIP
port: 9091
nodePort:
# Defines an additional LB service, requires cloud provider service or MetalLB
extraLBService: false
peer:
type: ClusterIP
port: 51413
nodePort:
nodePortUDP:
# Defines an additional LB service, requires cloud provider service or MetalLB
extraLBService: false
ingress:
enabled: false
annotations: {}
path: /transmission
tls:
enabled: false
secretName: ""
config:
auth:
enabled: true
username: "admin"
password: "Chester848"
resources: {}
volume:
name: pvc-transmission-config
storageClassName: longhorn
storage: 5Gi
accessModes: ReadWriteOnce
# annotations: {}
# labels: {}
# selector: {}
radarr:
enabled: false
container:
image: docker.io/linuxserver/radarr
nodeSelector: {}
port: 7878
service:
type: ClusterIP
port: 7878
nodePort:
extraLBService: false
# Defines an additional LB service, requires cloud provider service or MetalLB
ingress:
enabled: false
annotations: {}
path: /radarr
tls:
enabled: false
secretName: ""
resources: {}
volume:
name: pvc-radarr-config
storageClassName: longhorn
storage: 5Gi
accessModes: ReadWriteOnce
#annotations: {}
#labels: {}
#selector: {}
prowlarr:
enabled: true
container:
image: docker.io/linuxserver/prowlarr
tag: develop
nodeSelector: {}
port: 9696
service:
type: ClusterIP
port: 9696
nodePort:
extraLBService: false
ingress:
enabled: false
annotations: {}
path: /prowlarr
tls:
enabled: false
secretName: ""
resources: {}
volume: {}
# name: pvc-prowlarr-config
# storageClassName: longhorn
# storage: 5Gi
# accessModes: ReadWriteOnce
# annotations: {}
# labels: {}
# selector: {}
plex:
enabled: false
claim: "CHANGEME"
replicaCount: 1
container:
image: docker.io/linuxserver/plex
nodeSelector: {}
port: 32400
service:
type: ClusterIP
port: 32400
nodePort:
# Defines an additional LB service, requires cloud provider service or MetalLB
extraLBService: false
ingress:
enabled: false
annotations: {}
tls:
enabled: false
secretName: ""
resources:
limits:
cpu: 100m
memory: 100Mi
requests:
cpu: 100m
memory: 100Mi
volume:
name: pvc-plex-config
storageClassName: longhorn
storage: 50Gi
accessModes: ReadWriteOnce
# # annotations: {}
# # labels: {}
# # selector: {}
jackett:
enabled: false
container:
image: docker.io/linuxserver/jackett
nodeSelector: {}
port: 9117
service:
type: ClusterIP
port: 9117
nodePort:
extraLBService: false
# Defines an additional LB service, requires cloud provider service or MetalLB
ingress:
enabled: false
annotations: {}
path: /jackett
tls:
enabled: false
secretName: ""
resources: {}
volume: {}
# name: pvc-jackett-config
# storageClassName: longhorn
# annotations: {}
# labels: {}
# accessModes: ReadWriteOnce
# storage: 5Gi
# selector: {}
sabnzbd:
enabled: false
container:
image: docker.io/linuxserver/sabnzbd
nodeSelector: {}
port:
http: 8080
https: 9090
service:
http:
type: ClusterIP
port: 8080
nodePort:
# Defines an additional LB service, requires cloud provider service or MetalLB
extraLBService: false
https:
type: ClusterIP
port: 9090
nodePort:
# Defines an additional LB service, requires cloud provider service or MetalLB
extraLBService: false
ingress:
enabled: true
annotations: {}
path: /sabnzbd
tls:
enabled: false
secretName: ""
resources: {}
volume: {}
# name: pvc-plex-config
# storageClassName: longhorn
# annotations: {}
# labels: {}
# accessModes: ReadWriteOnce
# storage: 5Gi
# selector: {}
from k8s-mediaserver-operator.
thank you for the details, my question is, does longhorn require setting fsGroup or similar to work? I've seen this
longhorn/longhorn#1713 that shows something similar to what you are facing.
All containers run as non-privileged users (default 1000).
from k8s-mediaserver-operator.
Hi,
did you manage to resolve this issue ? I've almost the same values file and got the same error.
from k8s-mediaserver-operator.
Related Issues (20)
- [BR] Error when enabling AdditionalLB for Jellyfin HOT 1
- [BR] unable to use NFS mount as per read me HOT 3
- [FR] Add an nginx security/protection container in the mix HOT 3
- [FR] Support Overseerr
- [BR] Docker image tags set to devel/latest HOT 2
- [DISC] Plex Client Setup HOT 4
- [BR] Nginx Ingress does not allow reuse of the same host name. HOT 7
- [BR] No PVC defined for Prowlarr in chart HOT 1
- [FR] guide on how exactly to use with helm including example of PV setup HOT 4
- [FR] Support native multi-arch build in workflow
- [FR] Bump operator-sdk version
- [BR] Readiness probes based on TCP should use httpGet instead.
- [FR] Helm Only and Additional Options HOT 8
- [FR] Add Ombi to the Stack
- [FR] Simplify with defaults
- [FR] Helm repository HOT 2
- [BR] Unable to connect to Plex HOT 13
- [FR] Add Helm Repo HOT 1
- [FR]Configure URL Base HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from k8s-mediaserver-operator.