chore: move directory setup from Helm initContainers to Dockerfiles

- [x] Standardize directory structure across scanner and server Dockerfiles - [x] Use FHS-compliant paths (/var/cache, /var/lib, /tmp) - [x] Add explicit permission management (chmod 750) in build stage - [x] Remove initContainers from both Helm deployments
2026-06-13 02:36:48 +00:00 · 2026-01-03 01:15:09 +00:00
parent f03a288326
commit e6fe925dcb
4 changed files with 23 additions and 57 deletions
@@ -28,34 +28,6 @@ spec:
      serviceAccountName: {{ include "gohoarder.serviceAccountName" . }}
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
-      initContainers:
-      - name: init-permissions
-        image: busybox:latest
-        command: ['sh', '-c']
-        args:
-        - |
-          mkdir -p /var/cache/gohoarder /var/lib/gohoarder/metadata /tmp/gohoarder
-          {{- if .Values.security.scanners.trivy.enabled }}
-          mkdir -p {{ .Values.security.scanners.trivy.cacheDb }}
-          {{- end }}
-          chmod 750 /var/cache/gohoarder /var/lib/gohoarder 2>/dev/null || true
-        volumeMounts:
-        - name: storage
-          mountPath: /var/cache/gohoarder
-        - name: metadata
-          mountPath: /var/lib/gohoarder/metadata
-        {{- if .Values.security.scanners.trivy.enabled }}
-        - name: trivy-cache
-          mountPath: {{ .Values.security.scanners.trivy.cacheDb }}
-        {{- end }}
-        - name: tmp
-          mountPath: /tmp/gohoarder
-        securityContext:
-          runAsUser: 1000
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
      containers:
      - name: scanner
        securityContext:
@@ -29,27 +29,6 @@ spec:
      serviceAccountName: {{ include "gohoarder.serviceAccountName" . }}
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
-      initContainers:
-      - name: init-permissions
-        image: busybox:latest
-        command: ['sh', '-c']
-        args:
-        - |
-          mkdir -p /var/cache/gohoarder /var/lib/gohoarder/metadata /tmp/gohoarder
-          chmod 750 /var/cache/gohoarder /var/lib/gohoarder 2>/dev/null || true
-        volumeMounts:
-        - name: storage
-          mountPath: /var/cache/gohoarder
-        - name: metadata
-          mountPath: /var/lib/gohoarder/metadata
-        - name: tmp
-          mountPath: /tmp/gohoarder
-        securityContext:
-          runAsUser: 1000
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
      containers:
      - name: server
        securityContext: