Skip to content

Security context #88

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 12 commits into from
Oct 10, 2025
Merged

Security context #88

merged 12 commits into from
Oct 10, 2025

Conversation

@Schmaetz
Copy link
Collaborator

@Schmaetz Schmaetz commented Sep 5, 2025

Preparation for SecurityContext modifications.

Step 1 included here: postgres-exporter sidecar, initcontainer and backup-job-container ready for ReadOnlyRootFilesystem: true

Modifications for postgres-pod and pgbackrest-repo host will follow in step 2 including cleanup and removing compatibility-code

@Schmaetz Schmaetz requested a review from ants September 5, 2025 08:43
ants
ants reviewed Oct 9, 2025
View reviewed changes
pkg/cluster/k8sres.go Outdated
FailureThreshold: 6,
ProbeHandler: v1.ProbeHandler{
HTTPGet: &v1.HTTPGetAction{
Path: "/health",
Copy link
Collaborator

@ants ants Oct 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The correct endpoint is /liveness. This checks that Patroni is working, but ignores postgres. Checking /health will break during maintenance mode, upgrade and if starting postgres takes too long.

Copy link
Collaborator Author

@Schmaetz Schmaetz Oct 9, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed with a7fee6f

ants
ants reviewed Oct 9, 2025
View reviewed changes
pkg/cluster/k8sres.go Outdated
// },
// TargetContainers: []string{"postgres-exporter"},
// })
// }
Copy link
Collaborator

@ants ants Oct 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

addEmptyDirVolume() handles this, so this can be cleaned up.

Copy link
Collaborator Author

@Schmaetz Schmaetz Oct 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed with 04f8519

@Schmaetz Schmaetz changed the base branch from main to release-candidate October 10, 2025 08:41
@Schmaetz Schmaetz merged commit 6568409 into release-candidate Oct 10, 2025
0 of 2 checks passed
@Schmaetz Schmaetz deleted the securityContext branch October 10, 2025 08:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ants ants ants left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Schmaetz @ants