From 0c3d035aa34e05e7c6c80eb85d02241d7d34bf39 Mon Sep 17 00:00:00 2001
From: Matt Reeves <admin@mafyuh.io>
Date: Tue, 18 Feb 2025 20:45:45 -0500
Subject: [PATCH] update helmreleases
---
kubernetes/apps/production/arr/radarr/helmrelease.yaml | 6 ++++++
kubernetes/apps/production/arr/recyclarr/helmrelease.yaml | 7 ++++++-
kubernetes/apps/production/arr/sonarr/helmrelease.yaml | 6 +++---
kubernetes/secrets/recyclarr.yaml | 6 +++---
4 files changed, 18 insertions(+), 7 deletions(-)
diff --git a/kubernetes/apps/production/arr/radarr/helmrelease.yaml b/kubernetes/apps/production/arr/radarr/helmrelease.yaml
index 18931c2..c00d474 100644
--- a/kubernetes/apps/production/arr/radarr/helmrelease.yaml
+++ b/kubernetes/apps/production/arr/radarr/helmrelease.yaml
@@ -75,6 +75,12 @@ spec:
liveness:
enabled: false
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+
resources:
requests:
cpu: 50m
diff --git a/kubernetes/apps/production/arr/recyclarr/helmrelease.yaml b/kubernetes/apps/production/arr/recyclarr/helmrelease.yaml
index 20546cb..1056fb6 100644
--- a/kubernetes/apps/production/arr/recyclarr/helmrelease.yaml
+++ b/kubernetes/apps/production/arr/recyclarr/helmrelease.yaml
@@ -44,10 +44,15 @@ spec:
pod:
securityContext:
- runAsUser: &context 65534
+ runAsUser: &context 1000
runAsGroup: *context
fsGroup: *context
fsGroupChangePolicy: "OnRootMismatch"
+ dnsPolicy: None
+ dnsConfig:
+ nameservers:
+ - 1.1.1.1
+ - 8.8.8.8
containers:
app:
diff --git a/kubernetes/apps/production/arr/sonarr/helmrelease.yaml b/kubernetes/apps/production/arr/sonarr/helmrelease.yaml
index e328b27..bd01088 100644
--- a/kubernetes/apps/production/arr/sonarr/helmrelease.yaml
+++ b/kubernetes/apps/production/arr/sonarr/helmrelease.yaml
@@ -39,7 +39,7 @@ spec:
statefulset:
volumeClaimTemplates:
- name: config
- accessMode: ReadWriteMany
+ accessMode: ReadWriteOnce
size: 3Gi
storageClass: longhorn
globalMounts:
@@ -47,8 +47,8 @@ spec:
pod:
securityContext:
- runAsUser: 65534
- runAsGroup: &group 65534
+ runAsUser: 1000
+ runAsGroup: &group 1000
fsGroup: *group
fsGroupChangePolicy: "OnRootMismatch"
diff --git a/kubernetes/secrets/recyclarr.yaml b/kubernetes/secrets/recyclarr.yaml
index 2399efe..5cdcb60 100644
--- a/kubernetes/secrets/recyclarr.yaml
+++ b/kubernetes/secrets/recyclarr.yaml
@@ -5,7 +5,7 @@ metadata:
namespace: arr
type: Opaque
stringData:
- RADARR_API_KEY: ENC[AES256_GCM,data:7TG0ku1JbJ2u4SuoCOJTIYbaNipuw+4ZVIkvkdIvcGM=,iv:AABASIeiNPi76yxvVIHFqzOHgkdn5fg2r2NCnRS9Eqk=,tag:QV35b8Yo345rFnf29oYLMA==,type:str]
+ RADARR_API_KEY: ENC[AES256_GCM,data:eMGcEuKJxh0ZW9TFOSEeBSaJkLiT1A/rZpZYs2rq7vs=,iv:eYPVbiYKKBc8rYcd8yqIpT01g2SZuMHdpv5Dh/sWO5o=,tag:qyqR2YYcKY7FLa+97cvThg==,type:str]
SONARR_API_KEY: ENC[AES256_GCM,data:0FfjBWrWHrQJWjki5nXZG+nuM35jEq4DMOi0wzKVU8M=,iv:dlgFto0t+ED33jQkZ0GVyUhcEZnqPHMspAYOQ2FN5g0=,tag:B2RDZ+qdofxCcQaxFQNPog==,type:str]
sops:
kms: []
@@ -22,8 +22,8 @@ sops:
KzdOczVjakovQlE1TkF4VUJORk5IdWsKx12AioJfcpmzCAbI+RwrJW1607YYsQbf
N8EKX70kyhdlwyCMDwr7B0+eFAWsJAjsR+2Z91peXCxlfeVXu28eFQ==
-----END AGE ENCRYPTED FILE-----
- lastmodified: "2025-02-18T05:24:59Z"
- mac: ENC[AES256_GCM,data:Fr6LRYW21WjwyWlQLY3V3KqmM6JrQvfs4kVSgLr+a4RhlYp1qWFP7EbFvcdJbCCuvHi5f1xRDsW7s01nKth0Qw97h14aJVxsyEgD7R/OoI4sfJMQBEryV8JZWwzUqr2lnZ5dqow4kxdw/LTakVxDzDcSF4jOUFV1vRKcncB+zRA=,iv:DtoO7ewd43R3TnenfvDTMJfZi4GxupDQody/v3BzMT8=,tag:ahaN3mRHfB7IjtdhihkBGw==,type:str]
+ lastmodified: "2025-02-19T01:45:24Z"
+ mac: ENC[AES256_GCM,data:9GIRsHdrO8YxPii5Nbgt3VZi6JhGcu+B8St7msnD4eHNIVx0i5JcStGEVfTVHcnsw/T9omK0NT/00hvcX4thIQ944sVis8f8ivUN88+/Lj5J5rroZrrUJMf0QdOiVkOhqT1mpXbh8OeIX7NxzZYnnx066/KVYFT7sDlkrkzHnPY=,iv:B77rM+KWTxAbLWLLTycemdqzXc8HrxrXWwT2r0evunk=,tag:1YNjAXZwSYPLTUguDLDSfA==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.9.4