4 files changed, 33 insertions, 12 deletions
diff --git a/kubernetes/common/postgres-init/.helmignore b/kubernetes/common/postgres-init/.helmignore
index f0c1319444..0bab41b6b1 100644
--- a/kubernetes/common/postgres-init/.helmignore
+++ b/kubernetes/common/postgres-init/.helmignore
@@ -19,3 +19,14 @@
 .project
 .idea/
 *.tmproj
+# Project/CI/CD related items
+.gitlab
+.gitlab-ci.yml
+.dockerignore
+# Helm build files
+.helmignore
+.cache/
+.config/
+.local/
+# OOM specific dirs
+components/
diff --git a/kubernetes/common/postgres-init/Chart.yaml b/kubernetes/common/postgres-init/Chart.yaml
index 81f566f9e1..4951ed6359 100644
--- a/kubernetes/common/postgres-init/Chart.yaml
+++ b/kubernetes/common/postgres-init/Chart.yaml
@@ -1,5 +1,6 @@
 # Copyright © 2021 Orange
 # Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2024 Deutsche Telekom
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -16,19 +17,19 @@
 apiVersion: v2
 description: Chart for Postgres init job
 name: postgres-init
-version: 13.0.1
+version: 13.0.3
 
 
 dependencies:
   - name: common
     version: ~13.x-0
-    repository: 'file://../common'
+    repository: '@local'
   - name: repositoryGenerator
     version: ~13.x-0
-    repository: 'file://../repositoryGenerator'
+    repository: '@local'
   - name: readinessCheck
     version: ~13.x-0
     repository: '@local'
   - name: serviceAccount
     version: ~13.x-0
-    repository: '@local'
-\ No newline at end of file
+    repository: '@local'
diff --git a/kubernetes/common/postgres-init/templates/job.yaml b/kubernetes/common/postgres-init/templates/job.yaml
index 6736559b81..a2f7e12274 100644
--- a/kubernetes/common/postgres-init/templates/job.yaml
+++ b/kubernetes/common/postgres-init/templates/job.yaml
@@ -28,11 +28,18 @@ spec:
   backoffLimit: 20
   template:
     metadata:
+      annotations:
+        # Workarround to exclude K8S API from istio communication
+        # as init-container (readinessCheck) does not work with the
+        # Istio CNI plugin, see:
+        # (https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers)
+        traffic.sidecar.istio.io/excludeOutboundPorts: "443"
       labels:
         app: {{ include "common.name" . }}
         release: {{ include "common.release" . }}
       name: {{ include "common.name" . }}
     spec:
+      {{ include "common.podSecurityContext" . | indent 6 | trim }}
       initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
       containers:
       - command:
@@ -70,15 +77,13 @@ spec:
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-update-config
         volumeMounts:
-        - mountPath: /etc/localtime
-          name: localtime
-          readOnly: true
         - mountPath: /config-input/setup.sql
           name: config
           subPath: setup.sql
         - mountPath: /config
           name: pgconf
         resources: {{ include "common.resources" . | nindent 10 }}
+        {{ include "common.containerSecurityContext" . | indent 8 | trim }}
       {{ include "common.waitForJobContainer" . | indent 6 | trim }}
       {{- if .Values.nodeSelector }}
       nodeSelector:
@@ -90,14 +95,12 @@ spec:
       {{- end }}
       serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
       volumes:
-      - name: localtime
-        hostPath:
-          path: /etc/localtime
       - name: config
         configMap:
           name: {{ include "common.fullname" . }}
       - name: pgconf
         emptyDir:
+          sizeLimit: 64Mi
           medium: Memory
       restartPolicy: Never
       {{- include "common.imagePullSecrets" . | nindent 6 }}
diff --git a/kubernetes/common/postgres-init/values.yaml b/kubernetes/common/postgres-init/values.yaml
index d2eb090142..99be8354be 100644
--- a/kubernetes/common/postgres-init/values.yaml
+++ b/kubernetes/common/postgres-init/values.yaml
@@ -19,6 +19,7 @@ global:
   postgres:
     service:
       name: pgset
+      name2: tcp-pgset-primary
     container:
       name: postgres
 
@@ -96,10 +97,15 @@ serviceAccount:
   roles:
     - read
 
+securityContext:
+  user_id: 26
+  group_id: 26
+
 readinessCheck:
   wait_for:
-    - '{{ .Values.global.postgres.container.name }}'
+    services:
+    - '{{ .Values.global.postgres.service.name2 }}'
 
 wait_for_job_container:
   containers:
-    - '{{ include "common.name" . }}-update-config'
-\ No newline at end of file
+    - '{{ include "common.name" . }}-update-config'