From 97d60dcccd54a2391cc2d14379a2c58ccda79fe0 Mon Sep 17 00:00:00 2001 From: portdirect Date: Wed, 10 Jan 2018 13:40:11 -0500 Subject: [PATCH] Elasticsearch Snapshot: Fix permisions for PVC This PS fixes the permisions for the PVC backing the Elasticsearch Snapshot Change-Id: I7b9897a7e0f34096ce1f2a04aceab7796d3a89c5 --- elasticsearch/templates/deployment-client.yaml | 15 +++++++++++++++ elasticsearch/templates/deployment-master.yaml | 15 +++++++++++++++ elasticsearch/templates/statefulset-data.yaml | 15 +++++++++++++++ 3 files changed, 45 insertions(+) diff --git a/elasticsearch/templates/deployment-client.yaml b/elasticsearch/templates/deployment-client.yaml index d5bce1314..b65010908 100644 --- a/elasticsearch/templates/deployment-client.yaml +++ b/elasticsearch/templates/deployment-client.yaml @@ -92,6 +92,21 @@ spec: - sysctl - -w - vm.max_map_count={{ .Values.conf.init.max_map_count }} +{{ if .Values.storage.filesystem_repository.enabled }} + - name: elasticsearch-repository-perms +{{ tuple $envAll "elasticsearch" | include "helm-toolkit.snippets.image" | indent 10 }} + securityContext: + runAsUser: 0 +{{ tuple $envAll $envAll.Values.pod.resources.client | include "helm-toolkit.snippets.kubernetes_resources" | indent 8 }} + command: + - chown + - -R + - "elasticsearch:" + - {{ .Values.conf.elasticsearch.repository.location }} + volumeMounts: + - name: storage + mountPath: {{ .Values.conf.elasticsearch.repository.location }} +{{ end }} containers: - name: elasticsearch-client securityContext: diff --git a/elasticsearch/templates/deployment-master.yaml b/elasticsearch/templates/deployment-master.yaml index 7564224f4..727894ca4 100644 --- a/elasticsearch/templates/deployment-master.yaml +++ b/elasticsearch/templates/deployment-master.yaml @@ -57,6 +57,21 @@ spec: - sysctl - -w - vm.max_map_count={{ .Values.conf.init.max_map_count }} +{{ if .Values.storage.filesystem_repository.enabled }} + - name: elasticsearch-repository-perms +{{ tuple $envAll "elasticsearch" | include "helm-toolkit.snippets.image" | indent 10 }} + securityContext: + runAsUser: 0 +{{ tuple $envAll $envAll.Values.pod.resources.client | include "helm-toolkit.snippets.kubernetes_resources" | indent 8 }} + command: + - chown + - -R + - "elasticsearch:" + - {{ .Values.conf.elasticsearch.repository.location }} + volumeMounts: + - name: storage + mountPath: {{ .Values.conf.elasticsearch.repository.location }} +{{ end }} containers: - name: elasticsearch-master securityContext: diff --git a/elasticsearch/templates/statefulset-data.yaml b/elasticsearch/templates/statefulset-data.yaml index 1ec2368ef..5d62ef476 100644 --- a/elasticsearch/templates/statefulset-data.yaml +++ b/elasticsearch/templates/statefulset-data.yaml @@ -89,6 +89,21 @@ spec: - sysctl - -w - vm.max_map_count={{ .Values.conf.init.max_map_count }} +{{ if .Values.storage.filesystem_repository.enabled }} + - name: elasticsearch-repository-perms +{{ tuple $envAll "elasticsearch" | include "helm-toolkit.snippets.image" | indent 10 }} + securityContext: + runAsUser: 0 +{{ tuple $envAll $envAll.Values.pod.resources.client | include "helm-toolkit.snippets.kubernetes_resources" | indent 8 }} + command: + - chown + - -R + - "elasticsearch:" + - {{ .Values.conf.elasticsearch.repository.location }} + volumeMounts: + - name: storage + mountPath: {{ .Values.conf.elasticsearch.repository.location }} +{{ end }} containers: - name: elasticsearch-data securityContext: