From: Renu Kumari <renu.kumari@bell.ca>
Date: Wed, 13 Oct 2021 14:51:53 +0000 (-0400)
Subject: [COMMON] Fix timescaledb volume permission issue
X-Git-Tag: 9.0.0~74^2
X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=3507fdc8cfc5ea6075af269b8ae41d8c0ff4dcfb;hp=a697f8ab8f2b47100cb73a7f5812f70e242b75a6;p=oom.git

[COMMON] Fix timescaledb volume permission issue

- Added init-container to change mounted volume permission

Issue-ID: CPS-667
Signed-off-by: Renu Kumari <renu.kumari@bell.ca>
Change-Id: I3161400cbcf2de88580ea768c97212a2983f5fff
---

diff --git a/kubernetes/common/timescaledb/templates/statefulset.yaml b/kubernetes/common/timescaledb/templates/statefulset.yaml
index 0bd7d30478..a3d942fcfa 100644
--- a/kubernetes/common/timescaledb/templates/statefulset.yaml
+++ b/kubernetes/common/timescaledb/templates/statefulset.yaml
@@ -30,6 +30,22 @@ spec:
     spec:
       serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . ) }}
       {{ include "common.podSecurityContext" . | indent 10 | trim}}
+      initContainers:
+        # we shouldn't need this but for unknown reason, it's fsGroup is not
+        # applied
+        - name: fix-permission
+          command:
+            - /bin/sh
+          args:
+            - -c
+            - chown -R {{ .Values.securityContext.user_id }}:{{ .Values.securityContext.group_id }} /var/lib/postgresql/data
+          image: {{ include "repositoryGenerator.image.busybox" . }}
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          securityContext:
+            runAsUser: 0
+          volumeMounts:
+            - mountPath: /var/lib/postgresql/data
+              name: {{ include "common.fullname" . }}
       containers:
         - name: {{ include "common.name" . }}
           image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}