diff --git a/tutorcairn/patches/k8s-deployments b/tutorcairn/patches/k8s-deployments index c6bf9be..64add6e 100644 --- a/tutorcairn/patches/k8s-deployments +++ b/tutorcairn/patches/k8s-deployments @@ -130,9 +130,9 @@ spec: app.kubernetes.io/name: cairn-clickhouse spec: securityContext: - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 + runAsUser: {{ APP_USER_ID }} + runAsGroup: {{ APP_USER_ID }} + fsGroup: {{ APP_USER_ID }} fsGroupChangePolicy: "OnRootMismatch" containers: - name: cairn-clickhouse @@ -183,8 +183,8 @@ spec: app.kubernetes.io/name: cairn-superset spec: securityContext: - runAsUser: 1000 - runAsGroup: 1000 + runAsUser: {{ APP_USER_ID }} + runAsGroup: {{ APP_USER_ID }} containers: - name: cairn-superset image: {{ CAIRN_SUPERSET_DOCKER_IMAGE }} @@ -227,8 +227,8 @@ spec: app.kubernetes.io/name: cairn-superset-worker spec: securityContext: - runAsUser: 1000 - runAsGroup: 1000 + runAsUser: {{ APP_USER_ID }} + runAsGroup: {{ APP_USER_ID }} containers: - name: cairn-superset-worker image: {{ CAIRN_SUPERSET_DOCKER_IMAGE }} @@ -261,8 +261,8 @@ spec: app.kubernetes.io/name: cairn-superset-worker-beat spec: securityContext: - runAsUser: 1000 - runAsGroup: 1000 + runAsUser: {{ APP_USER_ID }} + runAsGroup: {{ APP_USER_ID }} containers: - name: cairn-superset-worker-beat image: {{ CAIRN_SUPERSET_DOCKER_IMAGE }} diff --git a/tutorcairn/patches/k8s-jobs b/tutorcairn/patches/k8s-jobs index c401fb3..e970b8a 100644 --- a/tutorcairn/patches/k8s-jobs +++ b/tutorcairn/patches/k8s-jobs @@ -10,8 +10,8 @@ spec: spec: restartPolicy: Never securityContext: - runAsUser: 1000 - runAsGroup: 1000 + runAsUser: {{ APP_USER_ID }} + runAsGroup: {{ APP_USER_ID }} containers: - name: cairn-clickhouse image: {{ CAIRN_CLICKHOUSE_DOCKER_IMAGE }} diff --git a/tutorcairn/patches/local-docker-compose-jobs-services b/tutorcairn/patches/local-docker-compose-jobs-services index 78fd5b7..0b7374a 100644 --- a/tutorcairn/patches/local-docker-compose-jobs-services +++ b/tutorcairn/patches/local-docker-compose-jobs-services @@ -1,6 +1,6 @@ cairn-clickhouse-job: image: {{ CAIRN_CLICKHOUSE_DOCKER_IMAGE }} - user: "1000:1000" + user: "{{ APP_USER_ID }}:{{ APP_USER_ID }}" depends_on: {{ [("cairn-clickhouse", CAIRN_RUN_CLICKHOUSE)]|list_if }} volumes: - ../plugins/cairn/apps/clickhouse/auth.json:/scripts/clickhouse-auth.json:ro diff --git a/tutorcairn/patches/local-docker-compose-permissions-command b/tutorcairn/patches/local-docker-compose-permissions-command index 14629aa..dfce20f 100644 --- a/tutorcairn/patches/local-docker-compose-permissions-command +++ b/tutorcairn/patches/local-docker-compose-permissions-command @@ -1,2 +1,2 @@ -{% if CAIRN_RUN_CLICKHOUSE %}setowner 1000 /data/cairn-clickhouse{% endif %} +{% if CAIRN_RUN_CLICKHOUSE %}setowner {{ APP_USER_ID }} /data/cairn-clickhouse{% endif %} {% if CAIRN_RUN_POSTGRESQL %}setowner 70 /data/cairn-postgresql{% endif %} diff --git a/tutorcairn/patches/local-docker-compose-services b/tutorcairn/patches/local-docker-compose-services index 5dc4493..4015830 100644 --- a/tutorcairn/patches/local-docker-compose-services +++ b/tutorcairn/patches/local-docker-compose-services @@ -19,7 +19,7 @@ cairn-clickhouse: - ../../data/cairn/clickhouse:/var/lib/clickhouse - ../plugins/cairn/apps/clickhouse/users.d/cairn.xml:/etc/clickhouse-server/users.d/cairn.xml:ro - ../plugins/cairn/apps/clickhouse/auth.json:/scripts/clickhouse-auth.json:ro - user: "1000:1000" + user: "{{ APP_USER_ID }}:{{ APP_USER_ID }}" environment: CLICKHOUSE_DO_NOT_CHOWN: "1" ulimits: