Set strict permission on mariadb data dir

For security reasons, strict access permission is given to the mariadb data directory /var/lib/mysql Change-Id: I9e55a7e564d66874a35a54a72817fa1237a162e9
2021-03-24 18:02:02 +00:00 · 2021-03-24 18:02:02 +00:00 · 6eec615b39
commit 6eec615b39
parent b3888df131
3 changed files with 7 additions and 6 deletions
--- a/mariadb/Chart.yaml
+++ b/mariadb/Chart.yaml
@ -15,7 +15,7 @@ apiVersion: v1
 appVersion: v10.2.31
 description: OpenStack-Helm MariaDB
 name: mariadb
-version: 0.1.11
+version: 0.1.12
 home: https://mariadb.com/kb/en/
 icon: http://badges.mariadb.org/mariadb-badge-180x60.png
 sources:
--- a/mariadb/templates/statefulset.yaml
+++ b/mariadb/templates/statefulset.yaml
@ -115,11 +115,11 @@ spec:
 {{ tuple $envAll "mariadb" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ dict "envAll" $envAll "application" "server" "container" "perms" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
-          command:
+          command: ["/bin/sh", "-c"]
-            - chown
+          args:
-            - -R
+            - set -xe;
-            - "mysql:mysql"
+              /bin/chown -R "mysql:mysql" /var/lib/mysql;
-            - /var/lib/mysql
+              /bin/chmod 700 /var/lib/mysql;
          volumeMounts:
            - name: pod-tmp
              mountPath: /tmp
--- a/releasenotes/notes/mariadb.yaml
+++ b/releasenotes/notes/mariadb.yaml
@ -12,4 +12,5 @@ mariadb:
  - 0.1.9 Uplift Mariadb-ingress to 0.42.0
  - 0.1.10 Rename mariadb backup identities
  - 0.1.11 Disable mariadb mysql history client logging
  - 0.1.12 Set strict permission on mariadb data dir
 ...