X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fcommon%2Ftimescaledb%2Ftemplates%2Fstatefulset.yaml;h=653326be5f0b0190005889234818d329c7195e3d;hb=refs%2Fheads%2Fmaster;hp=9b63de434dda4b5bd6d3e46a0753174cd4ecd38b;hpb=655bfb764a39f31145aecdde4b8f9147bf1930fc;p=oom.git

diff --git a/kubernetes/common/timescaledb/templates/statefulset.yaml b/kubernetes/common/timescaledb/templates/statefulset.yaml
index 9b63de434d..653326be5f 100644
--- a/kubernetes/common/timescaledb/templates/statefulset.yaml
+++ b/kubernetes/common/timescaledb/templates/statefulset.yaml
@@ -1,6 +1,6 @@
 {{/*
 # ============LICENSE_START=======================================================
-#  Copyright (c) 2021 Bell Canada.
+#  Copyright (c) 2021-2022 Bell Canada.
 # ================================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -26,16 +26,29 @@ spec:
   selector: {{- include "common.selectors" . | nindent 4 }}
   serviceName: {{ include "common.servicename" . }}
   template:
-    metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+    metadata: {{- include "common.templateMetadata" (dict "ignoreHelmChart" true "dot" . ) | nindent 6 }}
     spec:
       serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . ) }}
-      securityContext:
-      {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      {{ include "common.podSecurityContext" . | indent 10 | trim}}
+      initContainers:
+        # we shouldn't need this but for unknown reason, it's fsGroup is not
+        # applied
+        - name: fix-permission
+          command:
+            - /bin/sh
+          args:
+            - -c
+            - chown -R {{ .Values.securityContext.user_id }}:{{ .Values.securityContext.group_id }} /var/lib/postgresql/data
+          image: {{ include "repositoryGenerator.image.busybox" . }}
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          securityContext:
+            runAsUser: 0
+          volumeMounts:
+            - mountPath: /var/lib/postgresql/data
+              name: {{ include "common.fullname" . }}
       containers:
         - name: {{ include "common.name" . }}
           image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
-          securityContext:
-          {{- toYaml .Values.securityContext | nindent 12 }}
           imagePullPolicy: {{ .Values.pullPolicy }}
           ports: {{ include "common.containerPorts" . | nindent 12  }}
           livenessProbe:
@@ -61,8 +74,7 @@ spec:
             {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "root-creds" "key" "password") | indent 14 }}
             - name: PGDATA
               value: /var/lib/postgresql/data/pgdata
-          resources:
-{{ include "common.resources" . | indent 12 }}
+          resources: {{ include "common.resources" . | nindent 12 }}
           volumeMounts:
             - name: {{ include "common.fullname" . }}-init
               mountPath: /docker-entrypoint-initdb.d
@@ -86,5 +98,5 @@ spec:
   {{- end }}
  {{if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
   volumeClaimTemplates:
-    - {{ include "common.PVCTemplate" (dict "dot" . "suffix" "data" "persistenceInfos" .Values.persistence) | indent 6 | trim }}
+    - {{ include "common.PVCTemplate" (dict "dot" . "suffix" "data" "persistenceInfos" .Values.persistence "ignoreHelmChart" true) | indent 6 | trim }}
 {{- end }}