From dc8c05476d316a16627d5b0934b69c3a9ecc38b7 Mon Sep 17 00:00:00 2001 From: Andreas Geissler Date: Wed, 8 May 2024 15:18:55 +0200 Subject: [COMMON] Fix Kyverno Policies common: - Add settings to common pod templates and fix Cassandra serviceMesh and MariaDB operator templates - Added template for mongodb - Empty lines to files added readinessCheck: - Add missing security settings mariadb-init: - add security settings in job cassandra: - Empty lines added to files mongodb: - make emptyDir volume size configurable others: - update chart dependency for mongodb in components - fix linter errors in all files Issue-ID: OOM-3295 Issue-ID: OOM-3296 Change-Id: Ieb64be337013e0477f7aaca9c75bb6a3f3264848 Signed-off-by: Andreas Geissler --- .../dmaap/components/dmaap-dr-node/templates/statefulset.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'kubernetes/dmaap') diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml index 2795a2b5e5..4bb57063ad 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml @@ -23,7 +23,11 @@ spec: template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: - {{ include "common.podSecurityContext" . | indent 6 | trim}} + # temporarily use less restrictions + securityContext: + runAsUser: {{ .Values.securityContext.user_id }} + runAsGroup: {{ .Values.securityContext.group_id }} + fsGroup: {{ .Values.securityContext.group_id }} initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 8 }} - name: {{ include "common.name" . }}-permission-fixer securityContext: -- cgit 1.2.3-korg