chore: add runAsGroup to backup-job securityContext
What does this MR do?
Adds runAsGroup
to the backup-job's secuirtyContext
with 1000
as the default value.
Currently there the toolbox helm chart does not set runAsGroup
in the pod securityContext. Policy enforcement often has organization rules requiring this to be set to a non-root GID. I had a situation where the policy on a cluster prevented the job pod from being scheduled resulting in backups not being performed.
The original commit adds runAsGroup
to the chart values. During the review process, it was pointed out that this chart handles securityContext templating differently than most. At the request of the reviewer, this was changed.
Related issues
N/A
Author checklist
See Definition of done.
For anything in this list which will not be completed, please provide a reason in the MR discussion.
Required
-
Merge Request Title and Description are up to date, accurate, and descriptive -
MR targeting the appropriate branch -
MR has a green pipeline on GitLab.com -
When ready for review, follow the instructions in the "Reviewer Roulette" section of the Danger Bot MR comment, as per the Distribution experimental MR workflow
For merge requests from forks, consider the following options for Danger to work properly:
- Consider using our community forks instead of forking your own project. These community forks have the GitLab API token preconfigured.
- Alternatively, see our documentation on configuring Danger for personal forks.
Expected (please provide an explanation if not completing)
-
Test plan indicating conditions for success has been posted and passes (!3642 (comment 1821932361)) -
Documentation created/updated -
Tests added/updated -
Integration tests added to GitLab QA -
Equivalent MR/issue for omnibus-gitlab opened -
Equivalent MR/issue for Gitlab Operator project opened (see Operator documentation on impact of Charts changes) -
Validate potential values for new configuration settings. Formats such as integer10
, duration10s
, URIscheme://user:passwd@host:port
may require quotation or other special handling when rendered in a template and written to a configuration file.