Postgresql: Fix security context

This PS fixes the use of the security context macros for the
postgresql chart

Change-Id: I7d5080686e98837b95297b9a33e7241c79193830
RAHUL KHIYANI 2019-05-01 16:33:59 -05:00 committed by Rahul Khiyani
parent e8ce5947f6
commit 2ddb43f525
2 changed files with 13 additions and 5 deletions


@ -57,7 +57,7 @@ spec:
- "/bin/chown" - "/bin/chown"
- {{ .Values.pod.security_context.server.pod.runAsUser | quote }} - {{ .Values.pod.security_context.server.pod.runAsUser | quote }}
- {{ .Values.storage.mount.path | quote }} - {{ .Values.storage.mount.path | quote }}
{{ dict "envAll" $envAll "application" "server" "container" "set-volume-perms" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} {{ dict "envAll" $envAll "application" "server" "container" "set_volume_perms" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
volumeMounts: volumeMounts:
- name: pod-tmp - name: pod-tmp
mountPath: /tmp mountPath: /tmp
@ -68,6 +68,7 @@ spec:
- name: postgresql - name: postgresql
{{ tuple $envAll "postgresql" | include "helm-toolkit.snippets.image" | indent 10 }} {{ tuple $envAll "postgresql" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "server" "container" "postgresql" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
ports: ports:
- containerPort: {{ tuple "postgresql" "internal" "postgresql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} - containerPort: {{ tuple "postgresql" "internal" "postgresql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
env: env:
@ -100,6 +101,8 @@ spec:
volumeMounts: volumeMounts:
- name: pod-tmp - name: pod-tmp
mountPath: /tmp mountPath: /tmp
- name: pg-run
mountPath: /var/run/postgresql
- name: postgresql-bin - name: postgresql-bin
mountPath: /tmp/start.sh mountPath: /tmp/start.sh
subPath: start.sh subPath: start.sh
@ -114,6 +117,9 @@ spec:
volumes: volumes:
- name: pod-tmp - name: pod-tmp
emptyDir: {} emptyDir: {}
- name: pg-run
emptyDir:
medium: "Memory"
- name: postgresql-bin - name: postgresql-bin
configMap: configMap:
name: postgresql-bin name: postgresql-bin
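Review bot: The `pg-run` volume added in the last hunk is a memory-backed `emptyDir` with no `sizeLimit`, so everything written under `/var/run/postgresql` is charged to the pod's memory. It is bounded only by whatever memory limit the container has, or by the node's tmpfs default if there is none. The mount presumably exists so the server can still write its socket and lock files once `readOnlyRootFilesystem: true` applies to the `postgresql` container, so a small cap would be enough. I would add a line such as `sizeLimit: 16Mi` (illustrative value, ideally driven from values) next to `medium: "Memory"`. The rest of the pod spec lies outside these hunks, so whether a container memory limit already bounds this is not visible here.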


@ -28,13 +28,15 @@ pod:
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
server: server:
pod:
runAsUser: 999
container: container:
set-volume-perms: set_volume_perms:
runAsUser: 0 runAsUser: 0
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
pod: postgresql:
allowPrivilegeEscalation: false readOnlyRootFilesystem: true
runAsUser: 999 allowPrivilegeEscalation: false
affinity: affinity:
anti: anti:
type: type:
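Review bot: The renamed `set_volume_perms` entry still runs with `runAsUser: 0` and, unlike the new `postgresql` entry beside it, does not set `allowPrivilegeEscalation: false`. Adding `allowPrivilegeEscalation: false` under `set_volume_perms` should not interfere with the `chown` the init container performs, and it keeps the one root container in the pod from gaining further privileges; this assumes the helm-toolkit macro passes the key through unchanged. The new `postgresql` container entry also carries no `runAsUser`, so it runs as 999 only if the `server.pod` block is rendered into the pod-level `securityContext`. That is not visible in the template hunks on this page, so it is worth confirming against a rendered manifest. A short comment above `server.pod`, for example `# pod-level context; also the owner passed to chown by set_volume_perms`, would record why the value lives there.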