4 files changed, 55 insertions, 23 deletions

diff --git a/kubernetes/common/timescaledb/Chart.yaml b/kubernetes/common/timescaledb/Chart.yaml
index 7aeafa01f2..e2e9e7df34 100644
--- a/kubernetes/common/timescaledb/Chart.yaml
+++ b/kubernetes/common/timescaledb/Chart.yaml
@@ -1,5 +1,6 @@
 # ============LICENSE_START=======================================================
 #  Copyright (c) 2021 Bell Canada.
+# Modifications Copyright © 2021 Orange
 # ================================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -20,4 +21,4 @@ apiVersion: v1
 appVersion: "1.0"
 description: ONAP timescaledb
 name: timescaledb
-version: 8.0.0
+version: 9.0.0
diff --git a/kubernetes/common/timescaledb/requirements.yaml b/kubernetes/common/timescaledb/requirements.yaml
index de0c414c19..1bcd103f27 100644
--- a/kubernetes/common/timescaledb/requirements.yaml
+++ b/kubernetes/common/timescaledb/requirements.yaml
@@ -1,5 +1,6 @@
 # ============LICENSE_START=======================================================
 #  Copyright (c) 2021 Bell Canada.
+#  Modifications Copyright © 2021 Orange
 # ================================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -18,11 +19,11 @@
 
 dependencies:
   - name: common
-    version: ~8.x-0
+    version: ~9.x-0
     repository: '@local'
   - name: serviceAccount
-    version: ~8.x-0
+    version: ~9.x-0
     repository: '@local'
   - name: repositoryGenerator
-    version: ~8.x-0
+    version: ~9.x-0
     repository: 'file://../repositoryGenerator'
diff --git a/kubernetes/common/timescaledb/templates/statefulset.yaml b/kubernetes/common/timescaledb/templates/statefulset.yaml
index 9b63de434d..a3d942fcfa 100644
--- a/kubernetes/common/timescaledb/templates/statefulset.yaml
+++ b/kubernetes/common/timescaledb/templates/statefulset.yaml
@@ -29,13 +29,26 @@ spec:
     metadata: {{- include "common.templateMetadata" . | nindent 6 }}
     spec:
       serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . ) }}
-      securityContext:
-      {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      {{ include "common.podSecurityContext" . | indent 10 | trim}}
+      initContainers:
+        # we shouldn't need this but for unknown reason, it's fsGroup is not
+        # applied
+        - name: fix-permission
+          command:
+            - /bin/sh
+          args:
+            - -c
+            - chown -R {{ .Values.securityContext.user_id }}:{{ .Values.securityContext.group_id }} /var/lib/postgresql/data
+          image: {{ include "repositoryGenerator.image.busybox" . }}
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          securityContext:
+            runAsUser: 0
+          volumeMounts:
+            - mountPath: /var/lib/postgresql/data
+              name: {{ include "common.fullname" . }}
       containers:
         - name: {{ include "common.name" . }}
           image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
-          securityContext:
-          {{- toYaml .Values.securityContext | nindent 12 }}
           imagePullPolicy: {{ .Values.pullPolicy }}
           ports: {{ include "common.containerPorts" . | nindent 12  }}
           livenessProbe:
diff --git a/kubernetes/common/timescaledb/values.yaml b/kubernetes/common/timescaledb/values.yaml
index b6d2face3a..258f516ff0 100644
--- a/kubernetes/common/timescaledb/values.yaml
+++ b/kubernetes/common/timescaledb/values.yaml
@@ -37,28 +37,45 @@ serviceAccount:
   roles:
     - read
 
-podSecurityContext: {}
-  # fsGroup: 2000
-
-securityContext: {}
+securityContext:
+  # Uid and gid to run the entrypoint of the container process (uid 70 is postgres user and gid 70 is postgres group)
+  user_id: 70
+  group_id: 70
   # capabilities:
   #   drop:
   #   - ALL
   # readOnlyRootFilesystem: true
   # runAsNonRoot: true
-  # runAsUser: 1000
 
+flavor: small
+
+#resources: {}
+# We usually recommend not to specify default resources and to leave this as a conscious
+# choice for the user. This also increases chances charts run on environments with little
+# resources, such as Minikube. If you do want to specify resources, uncomment the following
+# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+#
+# Example:
+# Configure resource requests and limits
+# ref: http://kubernetes.io/docs/user-guide/compute-resources/
+# Minimum memory for development is 2 CPU cores and 4GB memory
+# Minimum memory for production is 4 CPU cores and 8GB memory
 resources:
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- limits:
-   cpu: 0.5
-   memory: 256Mi
- requests:
-   cpu: 20m
-   memory: 256Mi
+  small:
+    limits:
+      cpu: 100m
+      memory: 300Mi
+    requests:
+      cpu: 10m
+      memory: 90Mi
+  large:
+    limits:
+      cpu: 2
+      memory: 4Gi
+    requests:
+      cpu: 1
+      memory: 2Gi
+  unlimited: {}
 
 nodeSelector: {}