Feature: allow setting of security context for sidecar containers (and more) #2800

Open
seppelucas opened this issue Nov 1, 2024 · 0 comments

@seppelucas

Please, answer some short questions which should help us to understand your problem / question better?

  • Which image of the operator are you using? ghcr.io/zalando/postgres-operator:v1.13.0
  • Where do you run it - cloud or metal? Kubernetes or OpenShift? bare metal kubernetes clusters
  • Are you running Postgres Operator in production? yes
  • Type of issue? feature request

We use the Zalando postgres operator in production with Kyverno. We want to use as few excludes as possible. For the normal containers you can set the security-context through the values.yaml of the helm chart.
We are currently using a sidecar with a custom image for monitoring of the patroni and wal-g backup state. This image does not need any special privileges.

Not all settings for a sidecar are transferred into the statefulset (such as setting a command, security-context or envFrom).

We would like to be able to set all these settings. We can work around the EnvFrom by specifying exactly which env variables to copy from a secret (ugly, but it works). For the command we had to bake it into the image we are using.

I see there already is a PR and issue for allowing a command, but there is not any action:
#2448
#2449

We would like to request to allow setting these settings for a sidecar, preferably in the postgresql resource to allow different images and settings per postgres cluster (we have multiple in one kubernetes cluster).
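
An added example, not part of the issue or of the operator's code base: a Python check that compares the sidecar settings that were requested with the container of the same name in the rendered StatefulSet and lists what was dropped. The manifests, the container name `backup-monitor` and the image references are constructed sample data.

```python
# Constructed sample data: field names follow the Kubernetes container spec;
# the container name and images are placeholders, not taken from the issue.
REQUESTED_SIDECAR = {
    "name": "backup-monitor",
    "image": "registry.example/backup-monitor:1.0",
    "command": ["/bin/monitor"],
    "envFrom": [{"secretRef": {"name": "monitor-env"}}],
    "securityContext": {
        "runAsNonRoot": True,
        "allowPrivilegeEscalation": False,
        "capabilities": {"drop": ["ALL"]},
    },
}

# Constructed stand-in for `kubectl get statefulset <name> -o json` output.
RENDERED_STATEFULSET = {
    "kind": "StatefulSet",
    "spec": {"template": {"spec": {"containers": [
        {"name": "postgres", "image": "registry.example/spilo:placeholder",
         "securityContext": {"allowPrivilegeEscalation": False}},
        {"name": "backup-monitor", "image": "registry.example/backup-monitor:1.0"},
    ]}}},
}


def dropped_fields(requested, statefulset):
    """Return the requested container fields that are absent or different
    in the container of the same name in the rendered StatefulSet."""
    containers = statefulset["spec"]["template"]["spec"]["containers"]
    rendered = next((c for c in containers if c["name"] == requested["name"]), None)
    if rendered is None:
        return sorted(requested)  # the whole container is missing
    return sorted(k for k, v in requested.items() if rendered.get(k) != v)


def containers_without_security_context(statefulset):
    """Names of containers that carry no securityContext at all."""
    containers = statefulset["spec"]["template"]["spec"]["containers"]
    return [c["name"] for c in containers if not c.get("securityContext")]


if __name__ == "__main__":
    print("dropped:", dropped_fields(REQUESTED_SIDECAR, RENDERED_STATEFULSET))
    print("no securityContext:",
          containers_without_security_context(RENDERED_STATEFULSET))
```

Run against real output, the second function gives the list of containers that would still need a policy exclude.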
