1 files changed, 7 insertions, 6 deletions

diff --git a/kubernetes/common/timescaledb/templates/statefulset.yaml b/kubernetes/common/timescaledb/templates/statefulset.yaml
index 435c925eb2..a3d942fcfa 100644
--- a/kubernetes/common/timescaledb/templates/statefulset.yaml
+++ b/kubernetes/common/timescaledb/templates/statefulset.yaml
@@ -29,25 +29,26 @@ spec:
     metadata: {{- include "common.templateMetadata" . | nindent 6 }}
     spec:
       serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . ) }}
-      securityContext:
-      {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      {{ include "common.podSecurityContext" . | indent 10 | trim}}
       initContainers:
-        - name: chowm-mount-path
+        # we shouldn't need this but for unknown reason, it's fsGroup is not
+        # applied
+        - name: fix-permission
           command:
             - /bin/sh
           args:
             - -c
-            - chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.runAsGroup }} /var/lib/postgresql/data
+            - chown -R {{ .Values.securityContext.user_id }}:{{ .Values.securityContext.group_id }} /var/lib/postgresql/data
           image: {{ include "repositoryGenerator.image.busybox" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          securityContext:
+            runAsUser: 0
           volumeMounts:
             - mountPath: /var/lib/postgresql/data
               name: {{ include "common.fullname" . }}
       containers:
         - name: {{ include "common.name" . }}
           image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
-          securityContext:
-          {{- toYaml .Values.securityContext | nindent 12 }}
           imagePullPolicy: {{ .Values.pullPolicy }}
           ports: {{ include "common.containerPorts" . | nindent 12  }}
           livenessProbe: