diff options
author | Bruno Sakoto <bruno.sakoto@bell.ca> | 2021-09-15 18:30:20 -0400 |
---|---|---|
committer | Bruno Sakoto <bruno.sakoto@bell.ca> | 2021-09-30 22:57:24 -0400 |
commit | d0fa8cf57eaac53f723c0ca8399f58b55655ea6f (patch) | |
tree | cda6deb2e774ae1f65b7b667b8456ae3d27e3dd4 /kubernetes/common/timescaledb/templates/statefulset.yaml | |
parent | a001a61bdd6430027b39281f9d79366e837c7494 (diff) |
[COMMON] Run timescale with postgres user
Timescale container is ran with postgres user and group which are
defined with uid 70 and gid 70.
Data volume owner is changed for postgres.
See also:
https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
Issue-ID: CPS-667
Signed-off-by: Bruno Sakoto <bruno.sakoto@bell.ca>
Change-Id: Ia87922ba68bb47a7a07aaf61f368143d970278b6
Diffstat (limited to 'kubernetes/common/timescaledb/templates/statefulset.yaml')
-rw-r--r-- | kubernetes/common/timescaledb/templates/statefulset.yaml | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/kubernetes/common/timescaledb/templates/statefulset.yaml b/kubernetes/common/timescaledb/templates/statefulset.yaml index 9b63de434d..435c925eb2 100644 --- a/kubernetes/common/timescaledb/templates/statefulset.yaml +++ b/kubernetes/common/timescaledb/templates/statefulset.yaml @@ -31,6 +31,18 @@ spec: serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . ) }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} + initContainers: + - name: chowm-mount-path + command: + - /bin/sh + args: + - -c + - chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.runAsGroup }} /var/lib/postgresql/data + image: {{ include "repositoryGenerator.image.busybox" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /var/lib/postgresql/data + name: {{ include "common.fullname" . }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }} |