ZhenYi/gitdataai
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix deploy repo volume permissions

Browse Source
This commit is contained in:
ZhenYi 2026-05-15 00:50:13 +08:00
parent 6ba06be47e
commit 894c3873a4
2 changed files with 13 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
deploy/README.md
View File

@ -136,6 +136,15 @@ All services share a single PVC (`shared-data`) via `subPath` mounts:
| `files` | `/data/files` | app | | `files` | `/data/files` | app |
| `static` | `/data` | static-server | | `static` | `/data` | static-server |
Pods run as UID/GID `1000` and set `fsGroup: 1000` so Git processes can create temporary object
directories under bare repositories. If an existing PVC was previously written by another UID,
fix ownership once from a maintenance pod:
```bash
chown -R 1000:1000 /data/repos
chmod -R u+rwX,g+rwX /data/repos
```
## Autoscaling ## Autoscaling
All services except `email_worker` have HPA enabled by default. The email worker is fixed at 1 replica and must not be All services except `email_worker` have HPA enabled by default. The email worker is fixed at 1 replica and must not be

3
deploy/values.yaml
View File

@ -197,6 +197,9 @@ serviceAccount:
podSecurityContext: podSecurityContext:
runAsNonRoot: true runAsNonRoot: true
runAsUser: 1000 runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
securityContext: securityContext:
capabilities: capabilities: