diff --git a/config/crd/bases/awx.ansible.com_awxs.yaml b/config/crd/bases/awx.ansible.com_awxs.yaml
index ecba167f2..5450c5d33 100644
--- a/config/crd/bases/awx.ansible.com_awxs.yaml
+++ b/config/crd/bases/awx.ansible.com_awxs.yaml
@@ -1902,6 +1902,10 @@ spec:
 description: Set session cookie secure mode for web
 type: string
 postgres_security_context_settings:
+ description: Key/values that will be set under the container-level securityContext field
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ postgres_pod_security_context_settings:
 description: Key/values that will be set under the pod-level securityContext field
 type: object
 x-kubernetes-preserve-unknown-fields: true
diff --git a/config/manifests/bases/awx-operator.clusterserviceversion.yaml b/config/manifests/bases/awx-operator.clusterserviceversion.yaml
index b4c002f19..a6814ae16 100644
--- a/config/manifests/bases/awx-operator.clusterserviceversion.yaml
+++ b/config/manifests/bases/awx-operator.clusterserviceversion.yaml
@@ -134,11 +134,16 @@ spec:
 x-descriptors:
 - urn:alm:descriptor:com.tectonic.ui:advanced
 - urn:alm:descriptor:com.tectonic.ui:hidden
- - displayName: PostgreSQL Security Context Settings
+ - displayName: PostgreSQL Container Security Context Settings
 path: postgres_security_context_settings
 x-descriptors:
 - urn:alm:descriptor:com.tectonic.ui:advanced
 - urn:alm:descriptor:com.tectonic.ui:hidden
+ - displayName: PostgreSQL Pod Security Context Settings
+ path: postgres_pod_security_context_settings
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:advanced
+ - urn:alm:descriptor:com.tectonic.ui:hidden
 - displayName: PostgreSQL Image
 path: postgres_image
 x-descriptors:
diff --git a/docs/user-guide/advanced-configuration/security-context.md b/docs/user-guide/advanced-configuration/security-context.md
index ba77b1b13..87b8c5a81 100644
--- a/docs/user-guide/advanced-configuration/security-context.md
+++ b/docs/user-guide/advanced-configuration/security-context.md
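Review bot: In config/crd/bases/awx.ansible.com_awxs.yaml the new `postgres_pod_security_context_settings` is declared `type: object` with `x-kubernetes-preserve-unknown-fields: true`, so the API server accepts any keys and values, and the postgres.yaml.j2 hunk renders them into the pod `securityContext` as given. Anyone allowed to create or edit an AWX resource can therefore choose the PostgreSQL pod's user, groups and related settings, and a misspelled key is not rejected at the CR; that is presumably intended, but the description should say so. I would extend it to `description: Key/values set verbatim under the pod-level securityContext of the PostgreSQL StatefulSet; not schema-validated, so enforce limits with admission policy`. The same wording applies to the container-level `postgres_security_context_settings` entry in this hunk.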
@@ -2,10 +2,11 @@ It is possible to modify some `SecurityContext` proprieties of the various deployments and stateful sets if needed.
-| Name | Description | Default |
-| ---------------------------------- | -------------------------------------------- | ------- |
-| security_context_settings | SecurityContext for Task and Web deployments | {} |
-| postgres_security_context_settings | SecurityContext for PostgreSQL container | {} |
+| Name | Description | Default |
+| -------------------------------------- | -------------------------------------------- | ------- |
+| security_context_settings | SecurityContext for Task and Web deployments | {} |
+| postgres_security_context_settings | SecurityContext for PostgreSQL container | {} |
+| postgres_pod_security_context_settings | SecurityContext for PostgreSQL pod | {} |
 Example configuration securityContext for the Task and Web deployments:
diff --git a/roles/installer/defaults/main.yml b/roles/installer/defaults/main.yml
index a7f563f10..ece587ad3 100644
--- a/roles/installer/defaults/main.yml
+++ b/roles/installer/defaults/main.yml
@@ -464,6 +464,7 @@ development_mode: false
 security_context_settings: {}
 postgres_security_context_settings: {}
+postgres_pod_security_context_settings: {}
 # Set no_log settings on certain tasks
 no_log: true
diff --git a/roles/installer/templates/statefulsets/postgres.yaml.j2 b/roles/installer/templates/statefulsets/postgres.yaml.j2
index 31b88d208..0df2c43e1 100644
--- a/roles/installer/templates/statefulsets/postgres.yaml.j2
+++ b/roles/installer/templates/statefulsets/postgres.yaml.j2
@@ -149,6 +149,10 @@ spec:
 tolerations:
 {{ postgres_tolerations | indent(width=8) }}
 {% endif %}
+{% if postgres_pod_security_context_settings|length %}
+ securityContext:
+ {{ postgres_pod_security_context_settings | to_nice_yaml | indent(8) }}
+{% endif %}
 {% if postgres_extra_volumes %}
 volumes:
 {{ postgres_extra_volumes | indent(width=8, first=False) }}
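Review bot: The new `securityContext:` block in roles/installer/templates/statefulsets/postgres.yaml.j2 gives the PostgreSQL pod a second source of security settings, and neither the template nor the docs table says which one wins. In Kubernetes a container-level `securityContext` overrides the pod-level one for fields present in both (`runAsUser`, `runAsNonRoot` and similar), so a restriction set through `postgres_pod_security_context_settings` can be undone by `postgres_security_context_settings`. I would add a template comment above the block such as `{# pod-level; container-level postgres_security_context_settings takes precedence for fields set in both #}`. As a style point, `indent(8)` and `|length` differ from the neighbouring `indent(width=8)` and spaced-filter form. The rest of the pod spec is outside the hunk, so confirm no other pod-level `securityContext` key is rendered there, since a duplicate key would be resolved silently by most YAML parsers.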