Default db container security context (#716)

Signed-off-by: Tamal Saha <tamal@appscode.com>

apis/kubedb/v1alpha2/elasticsearch_helpers.go

@@ -355,6 +355,15 @@ func (e *Elasticsearch) SetDefaults(esVersion *v1alpha1.ElasticsearchVersion, to
 		}
 	}
 
+	if e.Spec.PodTemplate.Spec.Container.SecurityContext == nil {
+		e.Spec.PodTemplate.Spec.Container.SecurityContext = &core.SecurityContext{
+			Privileged: pointer.BoolP(false),
+			Capabilities: &core.Capabilities{
+				Add: []core.Capability{"IPC_LOCK", "SYS_RESOURCE"},
+			},
+		}
+	}
+
 	e.setDefaultAffinity(&e.Spec.PodTemplate, e.OffshootSelectors(), topology)
 	e.SetTLSDefaults(esVersion)
 	e.Spec.Monitor.SetDefaults()

apis/kubedb/v1alpha2/postgres_helpers.go

@@ -24,6 +24,7 @@ import (
 	"kubedb.dev/apimachinery/apis/kubedb"
 	"kubedb.dev/apimachinery/crds"
 
+	"gomodules.xyz/pointer"
 	core "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/labels"
@@ -164,7 +165,7 @@ func (p *Postgres) SetDefaults(topology *core_util.Topology) {
 			//we have set this default to 33554432. if the difference between primary and replica is more then this,
 			//the replica node is going to manually sync itself.
 			Period:                   metav1.Duration{Duration: 100 * time.Millisecond},
-			MaximumLagBeforeFailover: 33554432,
+			MaximumLagBeforeFailover: 32 * 1024 * 1024,
 			ElectionTick:             10,
 			HeartbeatTick:            1,
 		}
@@ -190,6 +191,15 @@ func (p *Postgres) SetDefaults(topology *core_util.Topology) {
 		}
 	}
 
+	if p.Spec.PodTemplate.Spec.Container.SecurityContext == nil {
+		p.Spec.PodTemplate.Spec.Container.SecurityContext = &core.SecurityContext{
+			Privileged: pointer.BoolP(false),
+			Capabilities: &core.Capabilities{
+				Add: []core.Capability{"IPC_LOCK", "SYS_RESOURCE"},
+			},
+		}
+	}
+
 	p.Spec.Monitor.SetDefaults()
 	p.SetTLSDefaults()
 	SetDefaultResourceLimits(&p.Spec.PodTemplate.Spec.Container.Resources, DefaultResourceLimits)