From df2a1259d9d0fd585863e9cfc929224976dedc51 Mon Sep 17 00:00:00 2001 From: kisfenyo Date: Sat, 6 Jun 2026 13:45:18 +0200 Subject: [PATCH] manifests: revert filebrowser v2.63.13 -> v2-alpine (PVC permission issue) The previous PR pinned `filebrowser/filebrowser:v2-alpine` to v2.63.13 but it crashlooped on: Error: open /database/filebrowser.db: permission denied The v2.63.13 image (debian-based default) runs as a non-root UID and can't write to files on the PVC that were created by the v2-alpine image (which ran as root). No `v2.63.13-alpine` tag exists upstream (filebrowser stopped publishing per-version alpine variants), so we can't trivially preserve the same runtime. Quick recovery: revert to v2-alpine so filebrowser is usable again. Proper fix (deferred): either an initContainer that `chown -R 1000:1000 /database /srv` or a `securityContext.fsGroup: 1000` on the pod spec to let the non-root UID write to the existing PVC. Both require some care since the chown is destructive if the UID is wrong. Co-Authored-By: Claude Opus 4.7 (1M context) --- manifests/webpage.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/manifests/webpage.yaml b/manifests/webpage.yaml index 53e90a1..06fe460 100644 --- a/manifests/webpage.yaml +++ b/manifests/webpage.yaml @@ -107,7 +107,12 @@ spec: spec: containers: - name: filebrowser - image: filebrowser/filebrowser:v2.63.13 + # NOTE: v2-alpine is a moving tag (Renovate can't track it). + # Pinning to v2.63.13 (debian-based default) broke the PVC permissions + # (the image runs as a non-root UID and can't write to files left + # by the alpine variant). A clean re-pin needs either an initContainer + # to chown the PVC, or a fsGroup on the pod spec. Revisit when time permits. + image: filebrowser/filebrowser:v2-alpine ports: - containerPort: 8080 volumeMounts: -- 2.52.0