SeanOMik
/
k3s-cluster
1
0
Fork 0
Code Issues 2 Pull Requests 33 Packages Projects Releases Wiki Activity

set database pods to run as a specific group

This commit is contained in:
SeanOMik 2023-06-01 22:14:27 -04:00
parent 8ef0113bc1
commit 2b81ac71de
3 changed files with 32 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
cluster/apps/database/minio/helm-release.yaml
View File

@ -98,8 +98,8 @@ spec:
secretName: wildcard-main-tls secretName: wildcard-main-tls
podSecurityContext: podSecurityContext:
runAsUser: 1024 runAsUser: 10000
runAsGroup: 100 runAsGroup: 10000
fsGroup: 100 fsGroup: 100
fsGroupChangePolicy: "OnRootMismatch" fsGroupChangePolicy: "OnRootMismatch"

9
cluster/apps/database/postgresql/helm-release.yaml
View File

@ -26,3 +26,12 @@ spec:
primary: primary:
persistence: persistence:
existingClaim: "postgresql-pv-claim" existingClaim: "postgresql-pv-claim"
containerSecurityContext:
enabled: true
runAsUser: 10000
readReplicas:
containerSecurityContext:
enabled: true
runAsUser: 10000

20
cluster/apps/database/redis/helm-release.yaml
View File

@ -17,3 +17,23 @@ spec:
auth: auth:
existingSecret: "redis-secrets" existingSecret: "redis-secrets"
existingSecretPasswordKey: "password" existingSecretPasswordKey: "password"
master:
containerSecurityContext:
enabled: true
runAsUser: 10000
replica:
containerSecurityContext:
enabled: true
runAsUser: 10000
sentinel:
containerSecurityContext:
enabled: true
runAsUser: 10000
metrics:
containerSecurityContext:
enabled: true
runAsUser: 10000