Skip to content

Commit 2daa9a0

Browse files
SchmaetzSchmaetz
committed
securityContext modified for restore-container
1 parent 4a7d2c1 commit 2daa9a0

File tree

1 file changed

+3
-3
lines changed

1 file changed

+3
-3
lines changed

pkg/cluster/k8sres.go

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1609,7 +1609,7 @@ func (c *Cluster) generateStatefulSet(spec *cpov1.PostgresSpec) (*appsv1.Statefu
16091609
podAnnotations := c.generatePodAnnotations(spec)
16101610

16111611
if spec.GetBackup().Pgbackrest != nil {
1612-
initContainers = append(initContainers, c.generatePgbackrestRestoreContainer(spec, repo_host_mode, volumeMounts, resourceRequirements, c.OpConfig.Resources.SpiloPrivileged, c.OpConfig.Resources.SpiloAllowPrivilegeEscalation, generateCapabilities(c.OpConfig.AdditionalPodCapabilities)))
1612+
initContainers = append(initContainers, c.generatePgbackrestRestoreContainer(spec, repo_host_mode, volumeMounts, resourceRequirements, c.OpConfig.Resources.SpiloPrivileged, c.OpConfig.Resources.SpiloAllowPrivilegeEscalation, c.OpConfig.Resources.ReadOnlyRootFilesystem, generateCapabilities(c.OpConfig.AdditionalPodCapabilities)))
16131613

16141614
additionalVolumes = append(additionalVolumes, c.generatePgbackrestConfigVolume(spec.Backup.Pgbackrest, false))
16151615

@@ -1713,7 +1713,7 @@ func (c *Cluster) generateStatefulSet(spec *cpov1.PostgresSpec) (*appsv1.Statefu
17131713
return statefulSet, nil
17141714
}
17151715

1716-
func (c *Cluster) generatePgbackrestRestoreContainer(spec *cpov1.PostgresSpec, repo_host_mode bool, volumeMounts []v1.VolumeMount, resourceRequirements *v1.ResourceRequirements, privilegedMode bool, privilegeEscalationMode *bool, additionalPodCapabilities *v1.Capabilities) v1.Container {
1716+
func (c *Cluster) generatePgbackrestRestoreContainer(spec *cpov1.PostgresSpec, repo_host_mode bool, volumeMounts []v1.VolumeMount, resourceRequirements *v1.ResourceRequirements, privilegedMode bool, privilegeEscalationMode *bool, readOnlyRootFilesystem *bool, additionalPodCapabilities *v1.Capabilities) v1.Container {
17171717
isOptional := true
17181718
pgbackrestRestoreEnvVars := []v1.EnvVar{
17191719
{
@@ -1808,7 +1808,7 @@ func (c *Cluster) generatePgbackrestRestoreContainer(spec *cpov1.PostgresSpec, r
18081808
SecurityContext: &v1.SecurityContext{
18091809
AllowPrivilegeEscalation: privilegeEscalationMode,
18101810
Privileged: &privilegedMode,
1811-
ReadOnlyRootFilesystem: util.True(),
1811+
ReadOnlyRootFilesystem: readOnlyRootFilesystem,
18121812
Capabilities: additionalPodCapabilities,
18131813
},
18141814
}

0 commit comments

Comments
 (0)