diff --git a/bitnami/postgresql-ha/Chart.yaml b/bitnami/postgresql-ha/Chart.yaml
index b4a84e4529..3ce76a6de2 100644
--- a/bitnami/postgresql-ha/Chart.yaml
+++ b/bitnami/postgresql-ha/Chart.yaml
@@ -40,4 +40,4 @@ maintainers:
 name: postgresql-ha
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/postgresql-ha
-version: 13.1.1
+version: 13.2.0
diff --git a/bitnami/postgresql-ha/README.md b/bitnami/postgresql-ha/README.md
index 1f5bf5fcc3..332650ae53 100644
--- a/bitnami/postgresql-ha/README.md
+++ b/bitnami/postgresql-ha/README.md
@@ -587,6 +587,7 @@ Additionally, if `persistence.resourcePolicy` is set to `keep`, you should manua
 | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
 | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
 | `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
+| `volumePermissions.podSecurityContext.enabled` | Whether to enable security context for the volume-permissions init container | `true` |
 | `volumePermissions.podSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
 | `volumePermissions.podSecurityContext.runAsUser` | Init container volume-permissions User ID | `0` |
 | `volumePermissions.podSecurityContext.runAsGroup` | Group ID for the init container volume-permissions container | `0` |
diff --git a/bitnami/postgresql-ha/templates/postgresql/statefulset.yaml b/bitnami/postgresql-ha/templates/postgresql/statefulset.yaml
index 2cd62ba917..ed621a0310 100644
--- a/bitnami/postgresql-ha/templates/postgresql/statefulset.yaml
+++ b/bitnami/postgresql-ha/templates/postgresql/statefulset.yaml
@@ -123,7 +123,9 @@ spec:
 chown {{ .Values.postgresql.containerSecurityContext.runAsUser }}:{{ .Values.postgresql.podSecurityContext.fsGroup }} {{ .Values.persistence.mountPath }}
 find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \
 xargs -r chown -R {{ .Values.postgresql.containerSecurityContext.runAsUser }}:{{ .Values.postgresql.podSecurityContext.fsGroup }}
- securityContext: {{- .Values.volumePermissions.podSecurityContext | toYaml | nindent 12 }}
+ {{- if .Values.volumePermissions.podSecurityContext.enabled }}
+ securityContext: {{- omit .Values.volumePermissions.podSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
 {{- if .Values.volumePermissions.resources }}
 resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
 {{- end }}
diff --git a/bitnami/postgresql-ha/values.yaml b/bitnami/postgresql-ha/values.yaml
index 47e943eaeb..01f5c98667 100644
--- a/bitnami/postgresql-ha/values.yaml
+++ b/bitnami/postgresql-ha/values.yaml
@@ -1976,6 +1976,7 @@ volumePermissions:
 pullSecrets: []
 ## K8s Security Context
 ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+ ## @param volumePermissions.podSecurityContext.enabled Whether to enable security context for the volume-permissions init container
 ## @param volumePermissions.podSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
 ## @param volumePermissions.podSecurityContext.runAsUser Init container volume-permissions User ID
 ## @param volumePermissions.podSecurityContext.runAsGroup Group ID for the init container volume-permissions container
@@ -1983,6 +1984,7 @@ volumePermissions:
 ## @param volumePermissions.podSecurityContext.seccompProfile.type Set Security Context seccompProfile for the init container volume-permissions container
 ##
 podSecurityContext:
+ enabled: true
 seLinuxOptions: null
 runAsUser: 0
 runAsGroup: 0
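Review bot: In templates/postgresql/statefulset.yaml, when `volumePermissions.podSecurityContext.enabled` is false the new `if` drops the init container's `securityContext` entirely, so the container falls back to whatever the pod-level context and the image's default user provide (neither is visible in this hunk). That has two consequences worth documenting: the `chown` / `xargs -r chown -R` above only succeeds if the effective user is still allowed to change ownership, and the explicit settings under this key (for example `seLinuxOptions` and `seccompProfile.type`) are no longer applied. I would add a template comment above the `if`, e.g. `{{- /* enabled=false: no container securityContext is rendered; the chown above then runs with the pod/image defaults */}}`, and extend the new `@param` description in values.yaml (and the matching README row) with the same sentence. The init container spec starts and ends outside the hunk.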