diff --git a/bitnami/sonarqube/templates/deployment.yaml b/bitnami/sonarqube/templates/deployment.yaml index 9f53b0c112431a..aaf9a7b01aa9cc 100644 --- a/bitnami/sonarqube/templates/deployment.yaml +++ b/bitnami/sonarqube/templates/deployment.yaml @@ -172,7 +172,9 @@ spec: - -ec - | find /bitnami/sonarqube -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} + {{- if .Values.volumePermissions.containerSecurityContext.enabled }} securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.volumePermissions.containerSecurityContext "context" $) | nindent 12 }} + {{- end }} {{- if .Values.volumePermissions.resources }} resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} {{- else if ne .Values.volumePermissions.resourcesPreset "none" }} diff --git a/bitnami/sonarqube/values.yaml b/bitnami/sonarqube/values.yaml index e1493395f76b74..3a68bd1c79dc71 100644 --- a/bitnami/sonarqube/values.yaml +++ b/bitnami/sonarqube/values.yaml @@ -943,6 +943,7 @@ volumePermissions: resources: {} ## Init container Container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param volumePermissions.containerSecurityContext.enabled Enable init container's Security Context ## @param volumePermissions.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param volumePermissions.containerSecurityContext.runAsUser Set init container's Security Context runAsUser ## NOTE: when runAsUser is set to special value "auto", init container will try to chown the @@ -950,6 +951,7 @@ volumePermissions: ## "auto" is especially useful for OpenShift which has scc with dynamic user ids (and 0 is not allowed) ## containerSecurityContext: + enabled: true seLinuxOptions: {} runAsUser: 0 ## @section Sysctl Image parameters