diff options
Diffstat (limited to 'kubernetes/common')
| -rw-r--r-- | kubernetes/common/postgres/configs/setup.sql | 6 | ||||
| -rw-r--r-- | kubernetes/common/timescaledb/templates/statefulset.yaml | 12 | ||||
| -rw-r--r-- | kubernetes/common/timescaledb/values.yaml | 6 |
3 files changed, 19 insertions, 5 deletions
diff --git a/kubernetes/common/postgres/configs/setup.sql b/kubernetes/common/postgres/configs/setup.sql index f60b473242..b564e4cec1 100644 --- a/kubernetes/common/postgres/configs/setup.sql +++ b/kubernetes/common/postgres/configs/setup.sql @@ -32,9 +32,9 @@ CREATE EXTENSION IF NOT EXISTS pgaudit; CREATE SCHEMA IF NOT EXISTS "${PG_USER}"; CREATE TABLE IF NOT EXISTS "${PG_USER}".testtable ( - name varchar(30) PRIMARY KEY, - value varchar(50) NOT NULL, - updatedt timestamp NOT NULL + name varchar(30) PRIMARY KEY, + value varchar(50) NOT NULL, + updatedt timestamp NOT NULL ); INSERT INTO "${PG_USER}".testtable (name, value, updatedt) VALUES ('CPU', '256', now()); diff --git a/kubernetes/common/timescaledb/templates/statefulset.yaml b/kubernetes/common/timescaledb/templates/statefulset.yaml index 9b63de434d..435c925eb2 100644 --- a/kubernetes/common/timescaledb/templates/statefulset.yaml +++ b/kubernetes/common/timescaledb/templates/statefulset.yaml @@ -31,6 +31,18 @@ spec: serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . ) }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} + initContainers: + - name: chowm-mount-path + command: + - /bin/sh + args: + - -c + - chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.runAsGroup }} /var/lib/postgresql/data + image: {{ include "repositoryGenerator.image.busybox" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /var/lib/postgresql/data + name: {{ include "common.fullname" . }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }} diff --git a/kubernetes/common/timescaledb/values.yaml b/kubernetes/common/timescaledb/values.yaml index b6d2face3a..55acd92847 100644 --- a/kubernetes/common/timescaledb/values.yaml +++ b/kubernetes/common/timescaledb/values.yaml @@ -40,13 +40,15 @@ serviceAccount: podSecurityContext: {} # fsGroup: 2000 -securityContext: {} +securityContext: + # Uid and gid to run the entrypoint of the container process (uid 70 is postgres user and gid 70 is postgres group) + runAsUser: 70 + runAsGroup: 70 # capabilities: # drop: # - ALL # readOnlyRootFilesystem: true # runAsNonRoot: true - # runAsUser: 1000 resources: # We usually recommend not to specify default resources and to leave this as a conscious |