
Commit 37babf8

committed
Set securityContext for backup container
1 parent af084a5 commit 37babf8


1 file changed

+11
-32
lines changed


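--- a/pkg/cluster/k8sres.go
+++ b/pkg/cluster/k8sres.go
@@ -772,9 +772,6 @@ func (c *Cluster) generatePodTemplate(
 sidecarContainers []v1.Container,
 sharePgSocketWithSidecars *bool,
 tolerationsSpec *[]v1.Toleration,
-spiloRunAsUser *int64,
-spiloRunAsGroup *int64,
-spiloFSGroup *int64,
 nodeAffinity *v1.Affinity,
 schedulerName *string,
 terminateGracePeriod int64,
@@ -793,18 +790,22 @@ func (c *Cluster) generatePodTemplate(
 terminateGracePeriodSeconds := terminateGracePeriod
 containers := []v1.Container{*spiloContainer}
 containers = append(containers, sidecarContainers...)
-securityContext := v1.PodSecurityContext{}
+securityContext := v1.PodSecurityContext{
+RunAsUser: c.OpConfig.Resources.SpiloRunAsUser,
+RunAsGroup: c.OpConfig.Resources.SpiloRunAsGroup,
+FSGroup: c.OpConfig.Resources.SpiloFSGroup,
+}
 
-if spiloRunAsUser != nil {
-securityContext.RunAsUser = spiloRunAsUser
+if c.Spec.SpiloRunAsUser != nil {
+securityContext.RunAsUser = c.Spec.SpiloRunAsUser
 }
 
-if spiloRunAsGroup != nil {
-securityContext.RunAsGroup = spiloRunAsGroup
+if c.Spec.SpiloRunAsGroup != nil {
+securityContext.RunAsGroup = c.Spec.SpiloRunAsGroup
 }
 
-if spiloFSGroup != nil {
-securityContext.FSGroup = spiloFSGroup
+if c.Spec.SpiloFSGroup != nil {
+securityContext.FSGroup = c.Spec.SpiloFSGroup
 }
 
 podSpec := v1.PodSpec{
@@ -1268,22 +1269,6 @@ func (c *Cluster) generateStatefulSet(spec *acidv1.PostgresSpec) (*appsv1.Statef
 // pickup the docker image for the spilo container
 effectiveDockerImage := util.Coalesce(spec.DockerImage, c.OpConfig.DockerImage)
 
-// determine the User, Group and FSGroup for the spilo pod
-effectiveRunAsUser := c.OpConfig.Resources.SpiloRunAsUser
-if spec.SpiloRunAsUser != nil {
-effectiveRunAsUser = spec.SpiloRunAsUser
-}
-
-effectiveRunAsGroup := c.OpConfig.Resources.SpiloRunAsGroup
-if spec.SpiloRunAsGroup != nil {
-effectiveRunAsGroup = spec.SpiloRunAsGroup
-}
-
-effectiveFSGroup := c.OpConfig.Resources.SpiloFSGroup
-if spec.SpiloFSGroup != nil {
-effectiveFSGroup = spec.SpiloFSGroup
-}
-
 volumeMounts := generateVolumeMounts(spec.Volume)
 
 // configure TLS with a custom secret volume
@@ -1397,9 +1382,6 @@ func (c *Cluster) generateStatefulSet(spec *acidv1.PostgresSpec) (*appsv1.Statef
 sidecarContainers,
 c.OpConfig.SharePgSocketWithSidecars,
 &tolerationSpec,
-effectiveRunAsUser,
-effectiveRunAsGroup,
-effectiveFSGroup,
 c.nodeAffinity(c.OpConfig.NodeReadinessLabel, spec.NodeAffinity),
 spec.SchedulerName,
 int64(c.OpConfig.PodTerminateGracePeriod.Seconds()),
@@ -2204,9 +2186,6 @@ func (c *Cluster) generateLogicalBackupJob() (*batchv1.CronJob, error) {
 []v1.Container{},
 util.False(),
 &[]v1.Toleration{},
-nil,
-nil,
-nil,
 c.nodeAffinity(c.OpConfig.NodeReadinessLabel, nil),
 nil,
 int64(c.OpConfig.PodTerminateGracePeriod.Seconds()),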
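Review bot: In the second generatePodTemplate hunk the overrides now read `c.Spec.SpiloRunAsUser`, `c.Spec.SpiloRunAsGroup` and `c.Spec.SpiloFSGroup`, whereas generateStatefulSet derives everything else from its `spec` argument (`spec.DockerImage`, `spec.Volume`, `spec.SchedulerName`). If any caller passes a spec that is not yet stored in c.Spec, the StatefulSet pod would get its UID/GID/fsGroup from a different manifest than the rest of the template; the callers are outside this page, so this needs confirming. The same block now also decides the identity of the logical backup pod, which previously received `nil, nil, nil`, so generatePodTemplate deserves a doc comment such as `// The pod security context is taken from c.OpConfig.Resources and overridden by c.Spec; it applies to both the Spilo and the logical backup pod.` Only the pod-level RunAsUser/RunAsGroup/FSGroup are set in the lines shown; whether the backup image is expected to run under the Spilo UID should be checked. Both functions start and end outside the hunks.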
