Unable to set fsGroup other than 1000 in helm chart #8724

Closed
opened 2025-11-02 08:15:37 -06:00 by GiteaMirror · 2 comments
Owner

Originally created by @tgckpg on GitHub (Mar 19, 2022).

Gitea Version

1.16.4-rootless

Git Version

No response

Operating System

5.10.0-10-amd64 #1 SMP Debian 5.10.84-1 (2021-12-08) x86_64 GNU/Linux

How are you running Gitea?

Pod failed to run with the following config

values.yaml snippet

```
# Security context is only usable with rootless image due to image design
podSecurityContext:
  fsGroup: 1001

containerSecurityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
#   # Add the SYS_CHROOT capability for root and rootless images if you intend to
#   # run pods on nodes that use the container runtime cri-o. Otherwise, you will
#   # get an error message from the SSH server that it is not possible to read from
#   # the repository.
#   # https://gitea.com/gitea/helm-chart/issues/161
    add:
      - SYS_CHROOT
  privileged: false
  readOnlyRootFilesystem: true
  runAsGroup: 1001
  runAsNonRoot: true
  runAsUser: 1001
```

Database

PostgreSQL

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Description

No response

Screenshots

No response

Author
Owner

@tgckpg commented on GitHub (Mar 19, 2022):

Found a workaround: create a PVC and mount it to `/var/lib/gitea`.

values.yaml

```yaml
extraVolumes:
  - name: var-lib-gitea
    persistentVolumeClaim:
      claimName: var-lib-gitea

# additional volumes to mount, both to the init container and to the main
# container. As an example, can be used to mount a client cert when connecting
# to an external Postgres server.
extraVolumeMounts:
  - name: var-lib-gitea
    mountPath: "/var/lib/gitea"
```
Author
Owner

@justusbunsi commented on GitHub (Jun 4, 2022):

Hi @tgckpg. Thanks for reporting. This is a direct issue in the Helm Chart. Do you mind creating an issue on https://gitea.com/gitea/helm-chart and closing this one here?

EDIT: Issue created https://gitea.com/gitea/helm-chart/issues/338. Closing this one.


Reference: github-starred/gitea#8724