Bitnami/charts
2
0
Fork 0
mirror of https://github.com/bitnami/charts.git synced 2026-03-15 06:47:24 +08:00
Code Issues Packages Projects Releases Wiki Activity

[bitnami/postgresql-ha] Allow the security context of the volume permissions init container to be disabled (#22797)

Browse Source 
* [bitnami/postgresql-ha] Allow the security context of the
volumePermissions init container to be disabled

Signed-off-by: Dor Breger <dor@hisprivate.net>

* Bump Chart.yaml correctly

Signed-off-by: Jose Antonio Carmona <jcarmona@vmware.com>

---------

Signed-off-by: Dor Breger <dor@hisprivate.net>
Signed-off-by: Carlos Rodríguez Hernández <carlosrh@vmware.com>
Signed-off-by: Jose Antonio Carmona <jcarmona@vmware.com>
Co-authored-by: Carlos Rodríguez Hernández <carlosrh@vmware.com>
Co-authored-by: Jose Antonio Carmona <jcarmona@vmware.com>
This commit is contained in:
DorBreger
2024-02-07 12:24:19 +02:00
committed by GitHub
parent f45043e2bd
commit d1efbadf5a
4 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
bitnami/postgresql-ha/Chart.yaml
View File

@@ -40,4 +40,4 @@ maintainers:
name: postgresql-ha name: postgresql-ha
sources: sources:
- https://github.com/bitnami/charts/tree/main/bitnami/postgresql-ha - https://github.com/bitnami/charts/tree/main/bitnami/postgresql-ha
version: 13.1.1 version: 13.2.0

1
bitnami/postgresql-ha/README.md
View File

@@ -587,6 +587,7 @@ Additionally, if `persistence.resourcePolicy` is set to `keep`, you should manua
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | | `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `volumePermissions.podSecurityContext.enabled` | Whether to enable security context for the volume-permissions init container | `true` |
| `volumePermissions.podSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `volumePermissions.podSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
| `volumePermissions.podSecurityContext.runAsUser` | Init container volume-permissions User ID | `0` | | `volumePermissions.podSecurityContext.runAsUser` | Init container volume-permissions User ID | `0` |
| `volumePermissions.podSecurityContext.runAsGroup` | Group ID for the init container volume-permissions container | `0` | | `volumePermissions.podSecurityContext.runAsGroup` | Group ID for the init container volume-permissions container | `0` |

4
bitnami/postgresql-ha/templates/postgresql/statefulset.yaml
View File

@@ -123,7 +123,9 @@ spec:
chown {{ .Values.postgresql.containerSecurityContext.runAsUser }}:{{ .Values.postgresql.podSecurityContext.fsGroup }} {{ .Values.persistence.mountPath }} chown {{ .Values.postgresql.containerSecurityContext.runAsUser }}:{{ .Values.postgresql.podSecurityContext.fsGroup }} {{ .Values.persistence.mountPath }}
find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \ find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \
xargs -r chown -R {{ .Values.postgresql.containerSecurityContext.runAsUser }}:{{ .Values.postgresql.podSecurityContext.fsGroup }} xargs -r chown -R {{ .Values.postgresql.containerSecurityContext.runAsUser }}:{{ .Values.postgresql.podSecurityContext.fsGroup }}
securityContext: {{- .Values.volumePermissions.podSecurityContext | toYaml | nindent 12 }} {{- if .Values.volumePermissions.podSecurityContext.enabled }}
securityContext: {{- omit .Values.volumePermissions.podSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.volumePermissions.resources }} {{- if .Values.volumePermissions.resources }}
resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
{{- end }} {{- end }}

2
bitnami/postgresql-ha/values.yaml
View File

@@ -1976,6 +1976,7 @@ volumePermissions:
pullSecrets: [] pullSecrets: []
## K8s Security Context ## K8s Security Context
## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
## @param volumePermissions.podSecurityContext.enabled Whether to enable security context for the volume-permissions init container
## @param volumePermissions.podSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param volumePermissions.podSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param volumePermissions.podSecurityContext.runAsUser Init container volume-permissions User ID ## @param volumePermissions.podSecurityContext.runAsUser Init container volume-permissions User ID
## @param volumePermissions.podSecurityContext.runAsGroup Group ID for the init container volume-permissions container ## @param volumePermissions.podSecurityContext.runAsGroup Group ID for the init container volume-permissions container
@@ -1983,6 +1984,7 @@ volumePermissions:
## @param volumePermissions.podSecurityContext.seccompProfile.type Set Security Context seccompProfile for the init container volume-permissions container ## @param volumePermissions.podSecurityContext.seccompProfile.type Set Security Context seccompProfile for the init container volume-permissions container
## ##
podSecurityContext: podSecurityContext:
enabled: true
seLinuxOptions: null seLinuxOptions: null
runAsUser: 0 runAsUser: 0
runAsGroup: 0 runAsGroup: 0