mirror of
https://github.com/bitnami/charts.git
synced 2026-03-01 06:58:20 +08:00
[bitnami/postgresql-ha] Allow the security context of the volume permissions init container to be disabled (#22797)
* [bitnami/postgresql-ha] Allow the security context of the volumePermissions init container to be disabled Signed-off-by: Dor Breger <dor@hisprivate.net> * Bump Chart.yaml correctly Signed-off-by: Jose Antonio Carmona <jcarmona@vmware.com> --------- Signed-off-by: Dor Breger <dor@hisprivate.net> Signed-off-by: Carlos Rodríguez Hernández <carlosrh@vmware.com> Signed-off-by: Jose Antonio Carmona <jcarmona@vmware.com> Co-authored-by: Carlos Rodríguez Hernández <carlosrh@vmware.com> Co-authored-by: Jose Antonio Carmona <jcarmona@vmware.com>
This commit is contained in:
DorBreger
@@ -40,4 +40,4 @@ maintainers:
|
||||
name: postgresql-ha
|
||||
sources:
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/postgresql-ha
|
||||
version: 13.1.1
|
||||
version: 13.2.0
|
||||
|
||||
@@ -587,6 +587,7 @@ Additionally, if `persistence.resourcePolicy` is set to `keep`, you should manua
|
||||
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
|
||||
| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
| `volumePermissions.podSecurityContext.enabled` | Whether to enable security context for the volume-permissions init container | `true` |
|
||||
| `volumePermissions.podSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
|
||||
| `volumePermissions.podSecurityContext.runAsUser` | Init container volume-permissions User ID | `0` |
|
||||
| `volumePermissions.podSecurityContext.runAsGroup` | Group ID for the init container volume-permissions container | `0` |
|
||||
|
||||
@@ -123,7 +123,9 @@ spec:
|
||||
chown {{ .Values.postgresql.containerSecurityContext.runAsUser }}:{{ .Values.postgresql.podSecurityContext.fsGroup }} {{ .Values.persistence.mountPath }}
|
||||
find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \
|
||||
xargs -r chown -R {{ .Values.postgresql.containerSecurityContext.runAsUser }}:{{ .Values.postgresql.podSecurityContext.fsGroup }}
|
||||
securityContext: {{- .Values.volumePermissions.podSecurityContext | toYaml | nindent 12 }}
|
||||
{{- if .Values.volumePermissions.podSecurityContext.enabled }}
|
||||
securityContext: {{- omit .Values.volumePermissions.podSecurityContext "enabled" | toYaml | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.volumePermissions.resources }}
|
||||
resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
|
||||
{{- end }}
|
||||
|
||||
@@ -1976,6 +1976,7 @@ volumePermissions:
|
||||
pullSecrets: []
|
||||
## K8s Security Context
|
||||
## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
||||
## @param volumePermissions.podSecurityContext.enabled Whether to enable security context for the volume-permissions init container
|
||||
## @param volumePermissions.podSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
|
||||
## @param volumePermissions.podSecurityContext.runAsUser Init container volume-permissions User ID
|
||||
## @param volumePermissions.podSecurityContext.runAsGroup Group ID for the init container volume-permissions container
|
||||
@@ -1983,6 +1984,7 @@ volumePermissions:
|
||||
## @param volumePermissions.podSecurityContext.seccompProfile.type Set Security Context seccompProfile for the init container volume-permissions container
|
||||
##
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
seLinuxOptions: null
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
|
||||
Reference in New Issue
Block a user