Exikle/Artemis-Cluster
1
0
Fork 0
Code Issues 1 Pull requests 1 Releases 7 Activity Actions 1

fix(media): fix kaizoku convention violations #196

Merged
Exikle merged 1 commit from fix/media-kaizoku-conventions into main 2026-06-03 11:30:00 +00:00
Conversation 2 Commits 1 Files changed 2 +18 -3
Exikle commented 2026-06-03 04:58:13 +00:00
Owner
Copy link
No description provided.
fix(media): fix kaizoku convention violations
Some checks failed
Labeler / Labeler (pull_request_target) Successful in 45s
Details
Flate / Flate - Filter (pull_request) Successful in 20s
Details
Flate / Flate (helmrelease) (pull_request) Failing after 4m25s
Details
Flate / Flate (kustomization) (pull_request) Failing after 4m45s
Details
Flate - Success Flate checks failure
Flate / Flate - Success (pull_request) Failing after 32s
Details
9ad43d5aa4
 
- Add runAsNonRoot/runAsUser/runAsGroup to defaultPodOptions (uid 99, gid 100)
- Add container securityContext (allowPrivilegeEscalation, capabilities, readOnlyRootFilesystem)
- Add tmp emptyDir for readOnlyRootFilesystem
- Fix env field order (PGID before PUID)
- Add retryInterval: 1m to ks.yaml
- Remove stale onepassword-connect dependsOn (no ExternalSecret)
Exikle scheduled this pull request to auto merge when all checks succeed 2026-06-03 04:58:23 +00:00
Exikle force-pushed fix/media-kaizoku-conventions from 9ad43d5aa4
Some checks failed
Labeler / Labeler (pull_request_target) Successful in 45s
Details
Flate / Flate - Filter (pull_request) Successful in 20s
Details
Flate / Flate (helmrelease) (pull_request) Failing after 4m25s
Details
Flate / Flate (kustomization) (pull_request) Failing after 4m45s
Details
Flate - Success Flate checks failure
Flate / Flate - Success (pull_request) Failing after 32s
Details
to da69e68171
All checks were successful
Flate / Flate - Filter (pull_request) Successful in 15s
Details
Labeler / Labeler (pull_request_target) Successful in 40s
Details
Flate / Flate (kustomization) (pull_request) Successful in 2m41s
Details
Flate / Flate (helmrelease) (pull_request) Successful in 2m59s
Details
Flate - Success Flate checks success
Flate / Flate - Success (pull_request) Successful in 24s
Details
2026-06-03 11:26:18 +00:00 Compare
dusk-bot commented 2026-06-03 11:29:07 +00:00
Collaborator
Copy link
Kustomization diff 
# Kustomization: flux-system/artemis-cluster Kustomization: media/kaizoku

@@ spec.dependsOn @@
! - one list entry removed:
- - name: onepassword-connect
-   namespace: external-secrets

# Kustomization: media/kaizoku HelmRelease: media/kaizoku

@@ spec.values.controllers.kaizoku.containers.app @@
! + one map entry added:
+ securityContext:
+   allowPrivilegeEscalation: false
+   capabilities:
+     drop:
+     - ALL
+   readOnlyRootFilesystem: true

@@ spec.values.defaultPodOptions.securityContext @@
! + three map entries added:
+ runAsGroup: 100
+ runAsNonRoot: true
+ runAsUser: 99

@@ spec.values.persistence @@
! + one map entry added:
+ tmp:
+   type: emptyDir
+   advancedMounts:
+     kaizoku:
+       app:
+       - path: /tmp
+         subPath: tmp

Diff created by flateWorkflow run

<!-- Sticky Pull Request Comment196/kubernetes/kustomization --> <details open><summary>Kustomization diff</summary> ```diff # Kustomization: flux-system/artemis-cluster Kustomization: media/kaizoku @@ spec.dependsOn @@ ! - one list entry removed: - - name: onepassword-connect - namespace: external-secrets # Kustomization: media/kaizoku HelmRelease: media/kaizoku @@ spec.values.controllers.kaizoku.containers.app @@ ! + one map entry added: + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true @@ spec.values.defaultPodOptions.securityContext @@ ! + three map entries added: + runAsGroup: 100 + runAsNonRoot: true + runAsUser: 99 @@ spec.values.persistence @@ ! + one map entry added: + tmp: + type: emptyDir + advancedMounts: + kaizoku: + app: + - path: /tmp + subPath: tmp ``` </details> <sub>Diff created by [flate](https://github.com/home-operations/flate) — [Workflow run](https://git.dcunha.io/Exikle/Artemis-Cluster/actions/runs/748)</sub>
dusk-bot commented 2026-06-03 11:29:23 +00:00
Collaborator
Copy link
HelmRelease diff 
# HelmRelease: media/kaizoku Deployment: media/kaizoku

@@ spec.template.spec.containers.app @@
! + one map entry added:
+ securityContext:
+   allowPrivilegeEscalation: false
+   capabilities:
+     drop:
+     - ALL
+   readOnlyRootFilesystem: true

@@ spec.template.spec.containers.app.volumeMounts @@
! + one list entry added:
+ - name: tmp
+   mountPath: /tmp
+   subPath: tmp

@@ spec.template.spec.securityContext @@
! + three map entries added:
+ runAsGroup: 100
+ runAsNonRoot: true
+ runAsUser: 99

@@ spec.template.spec.volumes @@
! + one list entry added:
+ - name: tmp
+   emptyDir: {}

Diff created by flateWorkflow run

<!-- Sticky Pull Request Comment196/kubernetes/helmrelease --> <details open><summary>HelmRelease diff</summary> ```diff # HelmRelease: media/kaizoku Deployment: media/kaizoku @@ spec.template.spec.containers.app @@ ! + one map entry added: + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true @@ spec.template.spec.containers.app.volumeMounts @@ ! + one list entry added: + - name: tmp + mountPath: /tmp + subPath: tmp @@ spec.template.spec.securityContext @@ ! + three map entries added: + runAsGroup: 100 + runAsNonRoot: true + runAsUser: 99 @@ spec.template.spec.volumes @@ ! + one list entry added: + - name: tmp + emptyDir: {} ``` </details> <sub>Diff created by [flate](https://github.com/home-operations/flate) — [Workflow run](https://git.dcunha.io/Exikle/Artemis-Cluster/actions/runs/748)</sub>
Exikle merged commit c5fc723c9b into main 2026-06-03 11:30:00 +00:00
Exikle deleted branch fix/media-kaizoku-conventions 2026-06-03 11:30:01 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
area/bootstrap
Issues related to cluster bootstrapping

  
area/ci
Issues related to Forgejo workflows and automation

  
area/flux
Issues related to Flux CD configuration

  
area/kubernetes
Issues related to Kubernetes configuration

  
area/media
Issues related to media stack configuration

  
area/observability
Issues related to observability configuration

  
area/renovate
Issues related to Renovate configuration and automation

  
area/talos
Issues related to TalosOS configuration and operations

  
community
Community contributions and discussions

  
hold
Do not merge - work in progress or blocked

  
hold/upstream
Blocked waiting for upstream fix or update

  
priority/high
High priority issues

  
priority/low
Low priority issues

  
priority/medium
Medium priority issues

  
renovate/container
Container image updates from Renovate

  
renovate/forgejo-action
Forgejo Action updates from Renovate

  
renovate/github-release
GitHub Release updates from Renovate

  
renovate/grafana-dashboard
Grafana dashboard updates from Renovate

  
renovate/helm
Helm chart updates from Renovate

  
type/digest
Container digest updates (same version, new build)

  
type/major
Major version updates (breaking changes)

  
type/minor
Minor version updates (new features, backward compatible)

  
type/patch
Patch version updates (bug fixes)

No labels
area/bootstrap
area/ci
area/flux
area/kubernetes
area/media
area/observability
area/renovate
area/talos
community
hold
hold/upstream
priority/high
priority/low
priority/medium
renovate/container
renovate/forgejo-action
renovate/github-release
renovate/grafana-dashboard
renovate/helm
type/digest
type/major
type/minor
type/patch
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
Exikle/Artemis-Cluster!196
No description provided.