Force containers in k8s to run under root group

Normally containers belong to the 'root' group, but for some reason the downstream red hat scl redis image only belongs to the 'redis' group by default. This fixes that.
2026-01-11 18:09:57 -03:30 · 2020-06-10 13:35:41 -04:00 · 2020-06-10 13:35:41 -04:00 · 423df6618d
commit 423df6618d
parent 3952946d9c
2 changed files with 3 additions and 1 deletions
--- a/installer/roles/kubernetes/templates/configmap.yml.j2
+++ b/installer/roles/kubernetes/templates/configmap.yml.j2
@ -202,6 +202,6 @@ data:

  {{ kubernetes_deployment_name }}_redis_conf: |
    unixsocket /var/run/redis/redis.sock
-    unixsocketperm 777
+    unixsocketperm 660
    port 0
    bind 127.0.0.1
--- a/installer/roles/kubernetes/templates/deployment.yml.j2
+++ b/installer/roles/kubernetes/templates/deployment.yml.j2
@ -40,6 +40,8 @@ spec:
        app: {{ kubernetes_deployment_name }}
    spec:
      serviceAccountName: awx
+      securityContext:
+        fsGroup: 0
      terminationGracePeriodSeconds: 10
 {% if custom_venvs is defined %}
 {% set trusted_hosts = "" %}