diff --git a/elasticsearch/templates/statefulset-data.yaml b/elasticsearch/templates/statefulset-data.yaml index ac5f769c..41c0a447 100644 --- a/elasticsearch/templates/statefulset-data.yaml +++ b/elasticsearch/templates/statefulset-data.yaml @@ -69,8 +69,7 @@ spec: - name: elasticsearch-perms {{ tuple $envAll "elasticsearch" | include "helm-toolkit.snippets.image" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.prometheus | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - securityContext: - runAsUser: 0 +{{ dict "envAll" $envAll "application" "data" "container" "elasticsearch_perms" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} command: - chown - -R diff --git a/elasticsearch/templates/statefulset-master.yaml b/elasticsearch/templates/statefulset-master.yaml index 34a208cd..3530627d 100644 --- a/elasticsearch/templates/statefulset-master.yaml +++ b/elasticsearch/templates/statefulset-master.yaml @@ -68,8 +68,7 @@ spec: - name: elasticsearch-perms {{ tuple $envAll "elasticsearch" | include "helm-toolkit.snippets.image" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.prometheus | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - securityContext: - runAsUser: 0 +{{ dict "envAll" $envAll "application" "master" "container" "elasticsearch_perms" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} command: - chown - -R diff --git a/elasticsearch/values.yaml b/elasticsearch/values.yaml index 3c29efcd..9c5469cd 100644 --- a/elasticsearch/values.yaml +++ b/elasticsearch/values.yaml @@ -185,6 +185,8 @@ pod: memory_map_increase: privileged: true readOnlyRootFilesystem: true + elasticsearch_perms: + readOnlyRootFilesystem: true elasticsearch_master: privileged: true capabilities: @@ -217,6 +219,8 @@ pod: memory_map_increase: privileged: true readOnlyRootFilesystem: true + elasticsearch_perms: + readOnlyRootFilesystem: true elasticsearch_data: privileged: true capabilities: