From 2b81ac71de01e0486d8376b0d1251a90109d434b Mon Sep 17 00:00:00 2001
From: SeanOMik
Date: Thu, 1 Jun 2023 22:14:27 -0400
Subject: [PATCH] set database pods to run as a specific group
---
 cluster/apps/database/minio/helm-release.yaml | 4 ++--
 .../database/postgresql/helm-release.yaml | 11 +++++++++-
 cluster/apps/database/redis/helm-release.yaml | 20 +++++++++++++++++++
 3 files changed, 32 insertions(+), 3 deletions(-)
diff --git a/cluster/apps/database/minio/helm-release.yaml b/cluster/apps/database/minio/helm-release.yaml
index da34655..42cb6a7 100644
--- a/cluster/apps/database/minio/helm-release.yaml
+++ b/cluster/apps/database/minio/helm-release.yaml
@@ -98,8 +98,8 @@ spec:
 secretName: wildcard-main-tls
 podSecurityContext:
- runAsUser: 1024
- runAsGroup: 100
+ runAsUser: 10000
+ runAsGroup: 10000
 fsGroup: 100
 fsGroupChangePolicy: "OnRootMismatch"
diff --git a/cluster/apps/database/postgresql/helm-release.yaml b/cluster/apps/database/postgresql/helm-release.yaml
index 19b86e2..283d3e1 100644
--- a/cluster/apps/database/postgresql/helm-release.yaml
+++ b/cluster/apps/database/postgresql/helm-release.yaml
@@ -25,4 +25,13 @@ spec:
 primary:
 persistence:
- existingClaim: "postgresql-pv-claim"
\ No newline at end of file
+ existingClaim: "postgresql-pv-claim"
+
+ containerSecurityContext:
+ enabled: true
+ runAsUser: 10000
+
+ readReplicas:
+ containerSecurityContext:
+ enabled: true
+ runAsUser: 10000
\ No newline at end of file
diff --git a/cluster/apps/database/redis/helm-release.yaml b/cluster/apps/database/redis/helm-release.yaml
index 0de46f7..1e4bbee 100644
--- a/cluster/apps/database/redis/helm-release.yaml
+++ b/cluster/apps/database/redis/helm-release.yaml
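Review bot: `fsGroup: 100` is left unchanged in the `podSecurityContext` of `cluster/apps/database/minio/helm-release.yaml` while the primary group moves to 10000, so the process now reaches its volume only through the supplemental group 100. With `fsGroupChangePolicy: "OnRootMismatch"` the recursive ownership fix-up is skipped when the volume root already matches, so files written earlier by UID 1024 may not be writable for UID 10000; that depends on file modes not visible here. Either align it with `fsGroup: 10000`, or keep 100 on purpose and say so with a comment such as `# fsGroup stays 100: existing data on the volume is group-owned by GID 100`. The `podSecurityContext` block may continue past the end of the hunk.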
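Review bot: Both `containerSecurityContext` blocks added in `cluster/apps/database/postgresql/helm-release.yaml` set only `runAsUser: 10000`, so no group is pinned even though the commit subject says the pods should run as a specific group; the four blocks added in the redis hunk have the same gap. When a UID is set without a GID, Kubernetes documents that the container's primary group falls back to root (0) unless something else supplies one, which is probably not intended for a database process. If the chart passes the field through, add `runAsGroup: 10000` beside each `runAsUser`. It is also worth confirming that the data already on `postgresql-pv-claim` is owned by the new UID, because PostgreSQL refuses to start on a data directory owned by a different user.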
@@ -17,3 +17,23 @@ spec:
 auth:
 existingSecret: "redis-secrets"
 existingSecretPasswordKey: "password"
+
+ master:
+ containerSecurityContext:
+ enabled: true
+ runAsUser: 10000
+
+ replica:
+ containerSecurityContext:
+ enabled: true
+ runAsUser: 10000
+
+ sentinel:
+ containerSecurityContext:
+ enabled: true
+ runAsUser: 10000
+
+ metrics:
+ containerSecurityContext:
+ enabled: true
+ runAsUser: 10000
\ No newline at end of file
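Review bot: The literal `10000` is repeated in the `master`, `replica`, `sentinel` and `metrics` blocks of `cluster/apps/database/redis/helm-release.yaml` with nothing saying why that UID was chosen or what it has to match. A one-line comment above `master:` would help keep the four values from drifting apart, for example `# All redis containers run as UID 10000, the same non-root UID used for the other database releases`. The new file also ends without a trailing newline, as the `\ No newline at end of file` marker shows.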