diff options
| author |   ChrisC <christophe.closset@intl.att.com> | 2020-03-17 14:23:42 +0100 |
|---|---|---|
| committer | ChrisC <christophe.closset@intl.att.com> | 2020-03-24 13:37:37 +0100 |
| commit | 48bcfb9d4b03ac3e2e6915f7bdf72599c8794d43 (patch) | |
| tree | f0d2d8d6946ea76d6f54533538dff131c8a70cef /auth/helm | |
| parent | 083a7eb21620467ae1f7d5ba9341e12f75f9cc41 (diff) | |
AAF non-root
update AAF service dockerfiles to run as user AAF, reusing existing script infra
Issue-ID: AAF-1102
Signed-off-by: ChrisC <christophe.closset@intl.att.com>, JulienBe <jb3179x@att.com>
Change-Id: I2d9feef65a98d4545e407825533cd1741f891b45
Diffstat (limited to 'auth/helm')
| -rw-r--r-- | auth/helm/aaf-hello/templates/aaf-hello.yaml | 12 | ||||
| -rw-r--r-- | auth/helm/aaf/templates/aaf-cass.yaml | 17 | ||||
| -rw-r--r-- | auth/helm/aaf/templates/aaf-cm.yaml | 16 | ||||
| -rw-r--r-- | auth/helm/aaf/templates/aaf-fs.yaml | 16 | ||||
| -rw-r--r-- | auth/helm/aaf/templates/aaf-gui.yaml | 16 | ||||
| -rw-r--r-- | auth/helm/aaf/templates/aaf-locate.yaml | 16 | ||||
| -rw-r--r-- | auth/helm/aaf/templates/aaf-oauth.yaml | 16 | ||||
| -rw-r--r-- | auth/helm/aaf/templates/aaf-service.yaml | 16 |
8 files changed, 125 insertions, 0 deletions
diff --git a/auth/helm/aaf-hello/templates/aaf-hello.yaml b/auth/helm/aaf-hello/templates/aaf-hello.yaml index 3ff9a576..a79f39ed 100644 --- a/auth/helm/aaf-hello/templates/aaf-hello.yaml +++ b/auth/helm/aaf-hello/templates/aaf-hello.yaml @@ -56,6 +56,18 @@ spec: persistentVolumeClaim: claimName: aaf-hello-pvc initContainers: + - command: + - /bin/sh + - -c + - | + chmod -R 775 /opt/app/osaaf + chown -R 1000:1000 /opt/app/osaaf + image: busybox:1.28 + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: init-sysctl + volumeMounts: + - mountPath: /opt/app/osaaf + name: aaf-hello-vol - name: aaf-hello-config image: "{{ .Values.image.repository }}{{ .Values.service.agentImage }}" imagePullPolicy: IfNotPresent diff --git a/auth/helm/aaf/templates/aaf-cass.yaml b/auth/helm/aaf/templates/aaf-cass.yaml index f795dfe5..ace21817 100644 --- a/auth/helm/aaf/templates/aaf-cass.yaml +++ b/auth/helm/aaf/templates/aaf-cass.yaml @@ -68,6 +68,23 @@ spec: - name: aaf-status-vol persistentVolumeClaim: claimName: aaf-status-pvc + initContainers: + - command: + - /bin/sh + - -c + - | + chmod -R 775 /opt/app/aaf/status + chown -R 1000:1000 /opt/app/aaf/status + chmod -R 775 /var/lib/cassandra + chown -R 1000:1000 /var/lib/cassandra + image: busybox:1.28 + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: init-sysctl + volumeMounts: + - mountPath: /opt/app/aaf/status + name: aaf-status-vol + - mountPath: /var/lib/cassandra + name: aaf-cass-vol containers: ### ### AAF-CASS diff --git a/auth/helm/aaf/templates/aaf-cm.yaml b/auth/helm/aaf/templates/aaf-cm.yaml index ebb49835..e64da6cc 100644 --- a/auth/helm/aaf/templates/aaf-cm.yaml +++ b/auth/helm/aaf/templates/aaf-cm.yaml @@ -59,6 +59,22 @@ spec: persistentVolumeClaim: claimName: aaf-status-pvc initContainers: + - command: + - /bin/sh + - -c + - | + chmod -R 775 /opt/app/aaf/status + chown -R 1000:1000 /opt/app/aaf/status + chmod -R 775 /opt/app/osaaf + chown -R 1000:1000 /opt/app/osaaf + image: busybox:1.28 + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: init-sysctl + volumeMounts: + - mountPath: /opt/app/aaf/status + name: aaf-status-vol + - mountPath: /opt/app/osaaf + name: aaf-config-vol - name: aaf-config-container image: {{ .Values.image.repository }}onap/aaf/aaf_config:{{ .Values.image.version }} imagePullPolicy: IfNotPresent diff --git a/auth/helm/aaf/templates/aaf-fs.yaml b/auth/helm/aaf/templates/aaf-fs.yaml index 479447de..e3973af0 100644 --- a/auth/helm/aaf/templates/aaf-fs.yaml +++ b/auth/helm/aaf/templates/aaf-fs.yaml @@ -59,6 +59,22 @@ spec: persistentVolumeClaim: claimName: aaf-status-pvc initContainers: + - command: + - /bin/sh + - -c + - | + chmod -R 775 /opt/app/aaf/status + chown -R 1000:1000 /opt/app/aaf/status + chmod -R 775 /opt/app/osaaf + chown -R 1000:1000 /opt/app/osaaf + image: busybox:1.28 + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: init-sysctl + volumeMounts: + - mountPath: /opt/app/osaaf + name: aaf-config-vol + - mountPath: /opt/app/aaf/status + name: aaf-status-vol - name: aaf-config-container image: {{ .Values.image.repository }}onap/aaf/aaf_config:{{ .Values.image.version }} imagePullPolicy: IfNotPresent diff --git a/auth/helm/aaf/templates/aaf-gui.yaml b/auth/helm/aaf/templates/aaf-gui.yaml index 14c42599..93c1473f 100644 --- a/auth/helm/aaf/templates/aaf-gui.yaml +++ b/auth/helm/aaf/templates/aaf-gui.yaml @@ -60,6 +60,22 @@ spec: persistentVolumeClaim: claimName: aaf-status-pvc initContainers: + - command: + - /bin/sh + - -c + - | + chmod -R 775 /opt/app/aaf/status + chown -R 1000:1000 /opt/app/aaf/status + chmod -R 775 /opt/app/osaaf + chown -R 1000:1000 /opt/app/osaaf + image: busybox:1.28 + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: init-sysctl + volumeMounts: + - mountPath: /opt/app/osaaf + name: aaf-config-vol + - mountPath: /opt/app/aaf/status + name: aaf-status-vol - name: aaf-config-container image: {{ .Values.image.repository }}onap/aaf/aaf_config:{{ .Values.image.version }} imagePullPolicy: IfNotPresent diff --git a/auth/helm/aaf/templates/aaf-locate.yaml b/auth/helm/aaf/templates/aaf-locate.yaml index d4f2bf66..57ba43d0 100644 --- a/auth/helm/aaf/templates/aaf-locate.yaml +++ b/auth/helm/aaf/templates/aaf-locate.yaml @@ -59,6 +59,22 @@ spec: persistentVolumeClaim: claimName: aaf-status-pvc initContainers: + - command: + - /bin/sh + - -c + - | + chmod -R 775 /opt/app/aaf/status + chown -R 1000:1000 /opt/app/aaf/status + chmod -R 775 /opt/app/osaaf + chown -R 1000:1000 /opt/app/osaaf + image: busybox:1.28 + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: init-sysctl + volumeMounts: + - mountPath: /opt/app/aaf/status + name: aaf-status-vol + - mountPath: /opt/app/osaaf + name: aaf-config-vol - name: aaf-config-container image: {{ .Values.image.repository }}onap/aaf/aaf_config:{{ .Values.image.version }} imagePullPolicy: IfNotPresent diff --git a/auth/helm/aaf/templates/aaf-oauth.yaml b/auth/helm/aaf/templates/aaf-oauth.yaml index 4d5ac75a..ab21e3ab 100644 --- a/auth/helm/aaf/templates/aaf-oauth.yaml +++ b/auth/helm/aaf/templates/aaf-oauth.yaml @@ -59,6 +59,22 @@ spec: persistentVolumeClaim: claimName: aaf-status-pvc initContainers: + - command: + - /bin/sh + - -c + - | + chmod -R 775 /opt/app/aaf/status + chown -R 1000:1000 /opt/app/aaf/status + chmod -R 775 /opt/app/osaaf + chown -R 1000:1000 /opt/app/osaaf + image: busybox:1.28 + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: init-sysctl + volumeMounts: + - mountPath: /opt/app/aaf/status + name: aaf-status-vol + - mountPath: /opt/app/osaaf + name: aaf-config-vol - name: aaf-config-container image: {{ .Values.image.repository }}onap/aaf/aaf_config:{{ .Values.image.version }} imagePullPolicy: IfNotPresent diff --git a/auth/helm/aaf/templates/aaf-service.yaml b/auth/helm/aaf/templates/aaf-service.yaml index 96efa75c..f4772d67 100644 --- a/auth/helm/aaf/templates/aaf-service.yaml +++ b/auth/helm/aaf/templates/aaf-service.yaml @@ -58,6 +58,22 @@ spec: persistentVolumeClaim: claimName: aaf-status-pvc initContainers: + - command: + - /bin/sh + - -c + - | + chmod -R 775 /opt/app/aaf/status + chown -R 1000:1000 /opt/app/aaf/status + chmod -R 775 /opt/app/osaaf + chown -R 1000:1000 /opt/app/osaaf + image: busybox:1.28 + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: init-sysctl + volumeMounts: + - mountPath: /opt/app/aaf/status + name: aaf-status-vol + - mountPath: /opt/app/osaaf + name: aaf-config-vol - name: aaf-config-container image: {{ .Values.image.repository }}onap/aaf/aaf_config:{{ .Values.image.version }} imagePullPolicy: IfNotPresent |