diff options
Diffstat (limited to 'kubernetes/common/timescaledb')
-rw-r--r-- | kubernetes/common/timescaledb/resources/init/init-schema.sh | 2 | ||||
-rw-r--r-- | kubernetes/common/timescaledb/templates/statefulset.yaml | 12 | ||||
-rw-r--r-- | kubernetes/common/timescaledb/values.yaml | 6 |
3 files changed, 17 insertions, 3 deletions
diff --git a/kubernetes/common/timescaledb/resources/init/init-schema.sh b/kubernetes/common/timescaledb/resources/init/init-schema.sh index ab83cffae2..9cc0f5ff9f 100644 --- a/kubernetes/common/timescaledb/resources/init/init-schema.sh +++ b/kubernetes/common/timescaledb/resources/init/init-schema.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh # ============LICENSE_START======================================================= # Copyright (c) 2021 Bell Canada. diff --git a/kubernetes/common/timescaledb/templates/statefulset.yaml b/kubernetes/common/timescaledb/templates/statefulset.yaml index 9b63de434d..435c925eb2 100644 --- a/kubernetes/common/timescaledb/templates/statefulset.yaml +++ b/kubernetes/common/timescaledb/templates/statefulset.yaml @@ -31,6 +31,18 @@ spec: serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . ) }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} + initContainers: + - name: chowm-mount-path + command: + - /bin/sh + args: + - -c + - chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.runAsGroup }} /var/lib/postgresql/data + image: {{ include "repositoryGenerator.image.busybox" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /var/lib/postgresql/data + name: {{ include "common.fullname" . }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }} diff --git a/kubernetes/common/timescaledb/values.yaml b/kubernetes/common/timescaledb/values.yaml index b6d2face3a..55acd92847 100644 --- a/kubernetes/common/timescaledb/values.yaml +++ b/kubernetes/common/timescaledb/values.yaml @@ -40,13 +40,15 @@ serviceAccount: podSecurityContext: {} # fsGroup: 2000 -securityContext: {} +securityContext: + # Uid and gid to run the entrypoint of the container process (uid 70 is postgres user and gid 70 is postgres group) + runAsUser: 70 + runAsGroup: 70 # capabilities: # drop: # - ALL # readOnlyRootFilesystem: true # runAsNonRoot: true - # runAsUser: 1000 resources: # We usually recommend not to specify default resources and to leave this as a conscious |