set database pods to run as a specific group
This commit is contained in:
parent
8ef0113bc1
commit
2b81ac71de
|
@ -98,8 +98,8 @@ spec:
|
||||||
secretName: wildcard-main-tls
|
secretName: wildcard-main-tls
|
||||||
|
|
||||||
podSecurityContext:
|
podSecurityContext:
|
||||||
runAsUser: 1024
|
runAsUser: 10000
|
||||||
runAsGroup: 100
|
runAsGroup: 10000
|
||||||
fsGroup: 100
|
fsGroup: 100
|
||||||
fsGroupChangePolicy: "OnRootMismatch"
|
fsGroupChangePolicy: "OnRootMismatch"
|
||||||
|
|
||||||
|
|
|
@ -25,4 +25,13 @@ spec:
|
||||||
|
|
||||||
primary:
|
primary:
|
||||||
persistence:
|
persistence:
|
||||||
existingClaim: "postgresql-pv-claim"
|
existingClaim: "postgresql-pv-claim"
|
||||||
|
|
||||||
|
containerSecurityContext:
|
||||||
|
enabled: true
|
||||||
|
runAsUser: 10000
|
||||||
|
|
||||||
|
readReplicas:
|
||||||
|
containerSecurityContext:
|
||||||
|
enabled: true
|
||||||
|
runAsUser: 10000
|
|
@ -17,3 +17,23 @@ spec:
|
||||||
auth:
|
auth:
|
||||||
existingSecret: "redis-secrets"
|
existingSecret: "redis-secrets"
|
||||||
existingSecretPasswordKey: "password"
|
existingSecretPasswordKey: "password"
|
||||||
|
|
||||||
|
master:
|
||||||
|
containerSecurityContext:
|
||||||
|
enabled: true
|
||||||
|
runAsUser: 10000
|
||||||
|
|
||||||
|
replica:
|
||||||
|
containerSecurityContext:
|
||||||
|
enabled: true
|
||||||
|
runAsUser: 10000
|
||||||
|
|
||||||
|
sentinel:
|
||||||
|
containerSecurityContext:
|
||||||
|
enabled: true
|
||||||
|
runAsUser: 10000
|
||||||
|
|
||||||
|
metrics:
|
||||||
|
containerSecurityContext:
|
||||||
|
enabled: true
|
||||||
|
runAsUser: 10000
|
Loading…
Reference in New Issue