author | Andreas Geissler <andreas-geissler@telekom.de> | 2024-08-14 13:13:41 +0200 |
---|---|---|
committer | Andreas Geissler <andreas-geissler@telekom.de> | 2024-08-15 10:29:58 +0200 |
commit | fec27ccdd5fc0c8fc4ff749697fd147407acfdc6 (patch) | |
tree | 36041534e70cbcebcdbde54c5615e6248d0424bb /kubernetes/common/timescaledb/templates | |
parent | bec6aa583c517f61b271468d706d38e1ffca1f5f (diff) |
[COMMON][TIMESCALEDB] TemporalDB and securityContext settings
- make pod/containerSecurityContext settings more configurable
in _pod.tpl
- fix MariaDB statefulset
- Fix temporal statefulset to comply with security rules
- Set timescaleDB via RepositoryGenerator
Issue-ID: OOM-3310
Change-Id: I870f1e835020c2b30225741e700d1a6abfba8ad3
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Diffstat (limited to 'kubernetes/common/timescaledb/templates')
-rw-r--r-- | kubernetes/common/timescaledb/templates/statefulset.yaml | 24 |
1 files changed, 7 insertions, 17 deletions
diff --git a/kubernetes/common/timescaledb/templates/statefulset.yaml b/kubernetes/common/timescaledb/templates/statefulset.yaml
index 1d161f3945..031241dbaf 100644
--- a/kubernetes/common/timescaledb/templates/statefulset.yaml
+++ b/kubernetes/common/timescaledb/templates/statefulset.yaml
@@ -29,27 +29,12 @@ spec:
 metadata: {{- include "common.templateMetadata" (dict "ignoreHelmChart" true "dot" . ) | nindent 6 }}
 spec:
 serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . ) }}
- {{ include "common.podSecurityContext" . | indent 10 | trim}}
- initContainers:
- # we shouldn't need this but for unknown reason, it's fsGroup is not
- # applied
- - name: fix-permission
- command:
- - /bin/sh
- args:
- - -c
- - chown -R {{ .Values.securityContext.user_id }}:{{ .Values.securityContext.group_id }} /var/lib/postgresql/data
- image: {{ include "repositoryGenerator.image.busybox" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- securityContext:
- runAsUser: 0
- volumeMounts:
- - mountPath: /var/lib/postgresql/data
- name: {{ include "common.fullname" . }}
+ {{ include "common.podSecurityContext" . | indent 6 | trim}}
 containers:
 - name: {{ include "common.name" . }}
 image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
 imagePullPolicy: {{ .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim}}
 ports: {{ include "common.containerPorts" . | nindent 12 }}
 livenessProbe:
 exec:
@@ -80,10 +65,15 @@ spec:
 mountPath: /docker-entrypoint-initdb.d
 - name: {{ include "common.fullname" . }}
 mountPath: /var/lib/postgresql/data
+ - name: var-run
+ mountPath: /var/run/postgresql
 volumes:
 - name: {{ include "common.fullname" . }}-init
 configMap:
 name: {{ include "common.fullname" . }}-init
+ - name: var-run
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.varDir.sizeLimit }}
 {{- with .Values.nodeSelector }}
 nodeSelector:
 {{- toYaml . | nindent 8 }} |
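Review bot: Ownership of `/var/lib/postgresql/data` now depends entirely on whatever `common.podSecurityContext` renders being honoured by the storage backend, and nothing in the new lines records or checks that. The removed comment states that fsGroup was not being applied, and the commit does not say what changed, so a non-root container may find the data directory unwritable on volume types where the kubelet does not change ownership, or when upgrading over an existing PVC; this is inferred, since the helper and values are outside this diff. I would add a comment next to the include such as `# data volume ownership relies on fsGroup from common.podSecurityContext; the storage class must support it` and verify an in-place upgrade before merging. The pod spec continues beyond the hunk.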
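Review bot: `sizeLimit: {{ .Values.dirSizes.varDir.sizeLimit }}` on the new `var-run` emptyDir is unguarded, so a values file without `dirSizes.varDir` either fails rendering with a nil-pointer error or produces an empty `sizeLimit`, depending on which level is missing. The values.yaml change is not visible in this limited diffstat, so a default may already exist; if it does not, `sizeLimit: {{ required "dirSizes.varDir.sizeLimit must be set" .Values.dirSizes.varDir.sizeLimit }}` gives a clear error for a missing leaf. A one-line comment on the mount, e.g. `# writable socket/lock directory, presumably needed once the root filesystem is read-only`, would also tell the next maintainer why the volume exists. The volumes list continues outside the hunk.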