get postgres to run under restricted

c3-e · Nov 13, 2020 · 74653ff · 74653ff
1 parent ba322d8
commit 74653ff
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 2 deletions.
diff --git a/charts/sonarqube/templates/sonarqube-scc.yaml b/charts/sonarqube/templates/sonarqube-scc.yaml
@@ -56,6 +56,8 @@ users:
 {{- else  }}
 - system:serviceaccount:{{ .Release.Namespace }}:{{ .Release.Name }}-sonarqube
 {{- end }}
+{{- if .Values.postgresql.securityContext.enabled }}
 - system:serviceaccount:{{ .Release.Namespace }}:{{ .Release.Name }}-postgresql
+{{- end }}
 
 {{- end }}
diff --git a/charts/sonarqube/values.yaml b/charts/sonarqube/values.yaml
@@ -264,7 +264,7 @@ postgresql:
     storageClass:      
   securityContext:
     # enabled needs to false for OpenShift restricted SCC and true for OpenShift anyuid/nonroot SCC
-    enabled: true
+    enabled: false
     #fsGroup and runAsUser specifications below are not applied if enabled=false. enabled=false is the required setting for OpenShift "restricted SCC" to work successfully.
     #postgresql dockerfile sets user as 1001
     fsGroup: 1001
@@ -273,7 +273,7 @@ postgresql:
     enabled: true
     # if using restricted SCC set runAsUser: "auto" and if running under anyuid/nonroot SCC - runAsUser needs to match runAsUser above
     securityContext:
-      runAsUser: 1001
+      runAsUser: "auto"
   shmVolume:
     chmod:
       enabled: false