Postgresql-utility: Add pod/container security context

This updates the postgresql-utility chart to include the pod
security context on the pod template.

This also adds the container security context to set
readOnlyRootFilesystem flag to false

Change-Id: I84664883aaefd8bef679222a7c943f66eb93bad7
This commit is contained in:
Rahul Khiyani 2019-11-25 10:26:40 -06:00
parent 19e2fa9721
commit 1ac759d7fe
2 changed files with 11 additions and 3 deletions

View File

@ -52,8 +52,7 @@ spec:
labels:
{{ tuple $envAll "postgresql" "utility" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
securityContext:
runAsUser: 65534
{{ dict "envAll" $envAll "application" "postgresql" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
serviceAccountName: {{ $serviceAccountName }}
affinity:
{{ tuple $envAll "postgresql" "utility" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
@ -63,6 +62,7 @@ spec:
- name: {{ printf "%s" $envAll.Release.Name }}
{{ tuple $envAll "postgresql_utility" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.postgresql_utility | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "postgresql" "container" "postgresql_utility" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
command:
- /tmp/bootstrap.sh
volumeMounts:

View File

@ -39,6 +39,14 @@ labels:
node_selector_value: primary
pod:
security_context:
postgresql:
pod:
runAsUser: 65534
container:
postgresql_utility:
allowPrivilegeEscalation: true
readOnlyRootFilesystem: false
dns_policy: "ClusterFirstWithHostNet"
replicas:
utility: 1