a

2025-12-16 19:27:37 +00:00 · 2025-11-09 19:51:10 +00:00
parent 07698ad8a3
commit dd420b851c
1 changed files with 8 additions and 5 deletions
--- a/roles/stolon/files/stolon-keeper.yaml
+++ b/roles/stolon/files/stolon-keeper.yaml
@ -23,8 +23,6 @@ spec:
        prometheus.io/scrape: "true"
        prometheus.io/port: "8080"
    spec:
-      securityContext:
-        fsGroup: 1000
      imagePullSecrets:
      - name: regcred
      terminationGracePeriodSeconds: 10
@ -36,6 +34,7 @@ spec:
            - "-ec"
            - |
              id stolon
+              id root
              # Generate our keeper uid using the pod index
              IFS='-' read -ra ADDR <<< "$(hostname)"
              export STKEEPER_UID="keeper${ADDR[-1]}"
@ -43,9 +42,13 @@ spec:
              export STKEEPER_PG_LISTEN_ADDRESS=$POD_IP
              mkdir -p /stolon-data/data
              export STOLON_DATA=/stolon-data/data
-              chown stolon:stolon /stolon-data
-              chown stolon:stolon $STOLON_DATA
-              exec gosu stolon stolon-keeper --data-dir $STOLON_DATA
+              chown root:root /stolon-data
+              chown root:root $STOLON_DATA
+              exec gosu root stolon-keeper --data-dir $STOLON_DATA
+          securityContext:
+            runAsUser: 0
+            runAsGroup: 0
+            allowPrivilegeEscalation: true
          env:
            - name: POD_NAME
              valueFrom: