Add security context for configsvr and shards

aneoconsulting · Sep 4, 2024 · 3478e6c · 3478e6c
1 parent 74562ba
commit 3478e6c
Showing 1 changed file with 22 additions and 5 deletions.
diff --git a/storage/onpremise/mongodb-sharded/main.tf b/storage/onpremise/mongodb-sharded/main.tf
@@ -82,7 +82,15 @@ resource "helm_release" "mongodb" {
           "enabled"     = true
           "whenDeleted" = "Delete"
         }
-      }
+
+                  "podSecurityContext" = {
+            "fsGroup" = var.security_context.fs_group
+          }
+          "containerSecurityContext" = {
+            "runAsUser"  = var.security_context.run_as_user
+            "runAsGroup" = var.security_context.fs_group
+          }
+        }
 
       "mongos" = {
         "replicaCount"      = var.sharding.router.replicas
@@ -115,11 +123,20 @@ resource "helm_release" "mongodb" {
 
           "podLabels" = var.labels
           "resources" = var.resources.shards
-        }
 
-        "persistentVolumeClaimRetentionPolicy" = {
-          "enabled"     = true
-          "whenDeleted" = "Delete"
+
+          "persistentVolumeClaimRetentionPolicy" = {
+            "enabled"     = true
+            "whenDeleted" = "Delete"
+          }
+
+          "podSecurityContext" = {
+            "fsGroup" = var.security_context.fs_group
+          }
+          "containerSecurityContext" = {
+            "runAsUser"  = var.security_context.run_as_user
+            "runAsGroup" = var.security_context.fs_group
+          }
         }
 
         "arbiter" = {