From 2ddb43f52588696b533d9c1a9897fb416d2b396e Mon Sep 17 00:00:00 2001
From: RAHUL KHIYANI
Date: Wed, 1 May 2019 16:33:59 -0500
Subject: [PATCH] Postgresql: Fix security context
This PS fixes the use of the security context macros for the postgresql chart
Change-Id: I7d5080686e98837b95297b9a33e7241c79193830
---
 postgresql/templates/statefulset.yaml | 8 +++++++-
 postgresql/values.yaml | 10 ++++++----
 2 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/postgresql/templates/statefulset.yaml b/postgresql/templates/statefulset.yaml
index eb9ee0db6..673ad16a7 100644
--- a/postgresql/templates/statefulset.yaml
+++ b/postgresql/templates/statefulset.yaml
@@ -57,7 +57,7 @@ spec:
 - "/bin/chown"
 - {{ .Values.pod.security_context.server.pod.runAsUser | quote }}
 - {{ .Values.storage.mount.path | quote }}
-{{ dict "envAll" $envAll "application" "server" "container" "set-volume-perms" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+{{ dict "envAll" $envAll "application" "server" "container" "set_volume_perms" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
 volumeMounts:
 - name: pod-tmp
 mountPath: /tmp
@@ -68,6 +68,7 @@ spec:
 - name: postgresql
 {{ tuple $envAll "postgresql" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ dict "envAll" $envAll "application" "server" "container" "postgresql" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
 ports:
 - containerPort: {{ tuple "postgresql" "internal" "postgresql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
 env:
@@ -100,6 +101,8 @@ spec:
 volumeMounts:
 - name: pod-tmp
 mountPath: /tmp
+ - name: pg-run
+ mountPath: /var/run/postgresql
 - name: postgresql-bin
 mountPath: /tmp/start.sh
 subPath: start.sh
@@ -114,6 +117,9 @@ spec:
 volumes:
 - name: pod-tmp
 emptyDir: {}
+ - name: pg-run
+ emptyDir:
+ medium: "Memory"
 - name: postgresql-bin
 configMap:
 name: postgresql-bin
diff --git a/postgresql/values.yaml b/postgresql/values.yaml
index 91a8ff4ed..f951447c7 100644
--- a/postgresql/values.yaml
+++ b/postgresql/values.yaml
@@ -28,13 +28,15 @@ pod:
 readOnlyRootFilesystem: true
 allowPrivilegeEscalation: false
 server:
+ pod:
+ runAsUser: 999
 container:
- set-volume-perms:
+ set_volume_perms:
 runAsUser: 0
 readOnlyRootFilesystem: true
- pod:
- allowPrivilegeEscalation: false
- runAsUser: 999
+ postgresql:
+ readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
 affinity:
 anti:
 type:
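Review bot: The new `pg-run` volume in the `@@ -114,6 +117,9 @@` hunk is a memory-backed emptyDir with no `sizeLimit`, so whatever is written under /var/run/postgresql is charged to memory and is bounded only by the container's memory limit, or by node memory where no limit is set. That directory typically holds only the socket and lock file, so a small cap costs nothing; consider adding `sizeLimit: <SIZE>` under `emptyDir:` next to `medium: "Memory"`, with the value chosen for the deployment. The matching mount is added in the `@@ -100,6 +101,8 @@` hunk, and the `volumes:` list continues outside this hunk.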
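Review bot: In the values.yaml hunk, `set_volume_perms` runs as `runAsUser: 0` but does not set `allowPrivilegeEscalation: false`, although the `postgresql` entry added just below it does; adding `allowPrivilegeEscalation: false` under `set_volume_perms:` would keep the one root container in the pod at least as constrained as the non-root one. Since that init container only runs `/bin/chown` on the data path, it may also be worth restricting its capabilities to what chown needs, if the helm-toolkit security-context macro passes a `capabilities` block through, which is not visible here. Nesting is inferred from the key order because indentation is not preserved in this rendering, and the enclosing `pod:` mapping continues outside the hunk.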