[bitnami/clickhouse] Fix volumePermissions's command syntax and security context (#16245)

* [bitnami/clickhouse] Fix volumePermissions command The command used in `volumePermissions` init container was specified as string instead of a list of strings. This may have resulted in errors reported by Helm: ``` Error: UPGRADE FAILED: error validating "": error validating data: ValidationError(StatefulSet.spec.template.spec.initContainers[0].command): invalid type for io.k8s.api.core.v1.Container.command: got "string", expected "array" ``` Signed-off-by: Serge Tkatchouk <sp1j3t@gmail.com> * [bitnami/clickhouse] Bump chart version to v3.3.2 Signed-off-by: Serge Tkatchouk <sp1j3t@gmail.com> * [bitnami/clickhouse] Use own SecurityContext for volumePermissions Signed-off-by: Serge Tkatchouk <sp1j3t@gmail.com> * [bitnami/clickhouse] Render whole volumePermissions securityContext Signed-off-by: Serge Tkatchouk <sp1j3t@gmail.com> * [bitnami/clickhouse] Use tpl helper for volumePermissions SC Signed-off-by: Serge Tkatchouk <sp1j3t@gmail.com> * [bitnami/clickhouse] Remove unneeded mount in volumePermissions Signed-off-by: Serge Tkatchouk <sp1j3t@gmail.com> --------- Signed-off-by: Serge Tkatchouk <sp1j3t@gmail.com>
2026-03-16 06:47:30 +08:00 · 2023-04-28 21:47:13 +08:00
parent 64038e7c43
commit 3cf5eb6488
2 changed files with 25 additions and 26 deletions
--- a/bitnami/clickhouse/Chart.yaml
+++ b/bitnami/clickhouse/Chart.yaml
@@ -26,4 +26,4 @@ name: clickhouse
 sources:
  - https://github.com/bitnami/containers/tree/main/bitnami/clickhouse
  - https://github.com/ClickHouse/ClickHouse
-version: 3.3.1
+version: 3.3.2
--- a/bitnami/clickhouse/templates/statefulset.yaml
+++ b/bitnami/clickhouse/templates/statefulset.yaml
@@ -82,8 +82,8 @@ spec:
          {{- if $.Values.resources }}
          resources: {{- toYaml $.Values.resources | nindent 12 }}
          {{- end }}
-          # We don't require a privileged container in this case
          {{- if $.Values.containerSecurityContext.enabled }}
+          # We don't require a privileged container in this case
          securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
          {{- end }}
          command:
@@ -101,36 +101,35 @@ spec:
        - name: volume-permissions
          image: {{ include "clickhouse.volumePermissions.image" $ }}
          imagePullPolicy: {{ $.Values.volumePermissions.image.pullPolicy | quote }}
-          command: |
-            mkdir -p /bitnami/clickhouse/data
-            chmod 700 /bitnami/clickhouse/data
-            {{- if $.Values.keeper.enabled }}
-            mkdir -p /bitnami/clickhouse/keeper
-            chmod 700 /bitnami/clickhouse/keeper
-            {{- end }}
-            chown {{ $.Values.containerSecurityContext.runAsUser }}:{{ $.Values.podSecurityContext.fsGroup }} /bitnami/clickhouse
-            find /bitnami/clickhouse -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \
-            xargs -r chown -R {{ $.Values.containerSecurityContext.runAsUser }}:{{ $.Values.podSecurityContext.fsGroup }}
-            {{- if $.Values.tls.enabled }}
-            cp /tmp/certs/* /opt/bitnami/clickhouse/certs/
-            {{- if eq ( toString ( $.Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }}
-            chown -R `id -u`:`id -G | cut -d " " -f2` /opt/bitnami/clickhouse/certs/
-            {{- else }}
-            chown -R {{ $.Values.containerSecurityContext.runAsUser }}:{{ $.Values.podSecurityContext.fsGroup }} /opt/bitnami/clickhouse/certs/
-            {{- end }}
-            chmod 600 {{ include "clickhouse.tlsCertKey" $ }}
-            {{- end }}
-          {{- if $.Values.containerSecurityContext.enabled }}
-          securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
-          {{- end }}
+          command:
+            - /bin/sh
+            - -ec
+            - |
+              mkdir -p /bitnami/clickhouse/data
+              chmod 700 /bitnami/clickhouse/data
+              {{- if $.Values.keeper.enabled }}
+              mkdir -p /bitnami/clickhouse/keeper
+              chmod 700 /bitnami/clickhouse/keeper
+              {{- end }}
+              chown {{ $.Values.containerSecurityContext.runAsUser }}:{{ $.Values.podSecurityContext.fsGroup }} /bitnami/clickhouse
+              find /bitnami/clickhouse -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \
+              xargs -r chown -R {{ $.Values.containerSecurityContext.runAsUser }}:{{ $.Values.podSecurityContext.fsGroup }}
+              {{- if $.Values.tls.enabled }}
+              cp /tmp/certs/* /opt/bitnami/clickhouse/certs/
+              {{- if eq ( toString ( $.Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }}
+              chown -R `id -u`:`id -G | cut -d " " -f2` /opt/bitnami/clickhouse/certs/
+              {{- else }}
+              chown -R {{ $.Values.containerSecurityContext.runAsUser }}:{{ $.Values.podSecurityContext.fsGroup }} /opt/bitnami/clickhouse/certs/
+              {{- end }}
+              chmod 600 {{ include "clickhouse.tlsCertKey" $ }}
+              {{- end }}
+          securityContext: {{- include "common.tplvalues.render" (dict "value" $.Values.volumePermissions.containerSecurityContext "context" $) | nindent 12 }}
          {{- if $.Values.volumePermissions.resources }}
          resources: {{- toYaml $.Values.volumePermissions.resources | nindent 12 }}
          {{- end }}
          volumeMounts:
            - name: data
              mountPath: /bitnami/clickhouse
-            - name: config
-              mountPath: /bitnami/clickhouse/conf/default
            {{- if $.Values.tls.enabled }}
            - name: raw-certificates
              mountPath: /tmp/certs