From 48bcfb9d4b03ac3e2e6915f7bdf72599c8794d43 Mon Sep 17 00:00:00 2001 From: ChrisC Date: Tue, 17 Mar 2020 14:23:42 +0100 Subject: AAF non-root update AAF service dockerfiles to run as user AAF, reusing existing script infra Issue-ID: AAF-1102 Signed-off-by: ChrisC , JulienBe Change-Id: I2d9feef65a98d4545e407825533cd1741f891b45 --- auth/helm/aaf-hello/templates/aaf-hello.yaml | 12 ++++++++++++ auth/helm/aaf/templates/aaf-cass.yaml | 17 +++++++++++++++++ auth/helm/aaf/templates/aaf-cm.yaml | 16 ++++++++++++++++ auth/helm/aaf/templates/aaf-fs.yaml | 16 ++++++++++++++++ auth/helm/aaf/templates/aaf-gui.yaml | 16 ++++++++++++++++ auth/helm/aaf/templates/aaf-locate.yaml | 16 ++++++++++++++++ auth/helm/aaf/templates/aaf-oauth.yaml | 16 ++++++++++++++++ auth/helm/aaf/templates/aaf-service.yaml | 16 ++++++++++++++++ 8 files changed, 125 insertions(+) (limited to 'auth/helm') diff --git a/auth/helm/aaf-hello/templates/aaf-hello.yaml b/auth/helm/aaf-hello/templates/aaf-hello.yaml index 3ff9a576..a79f39ed 100644 --- a/auth/helm/aaf-hello/templates/aaf-hello.yaml +++ b/auth/helm/aaf-hello/templates/aaf-hello.yaml @@ -56,6 +56,18 @@ spec: persistentVolumeClaim: claimName: aaf-hello-pvc initContainers: + - command: + - /bin/sh + - -c + - | + chmod -R 775 /opt/app/osaaf + chown -R 1000:1000 /opt/app/osaaf + image: busybox:1.28 + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: init-sysctl + volumeMounts: + - mountPath: /opt/app/osaaf + name: aaf-hello-vol - name: aaf-hello-config image: "{{ .Values.image.repository }}{{ .Values.service.agentImage }}" imagePullPolicy: IfNotPresent diff --git a/auth/helm/aaf/templates/aaf-cass.yaml b/auth/helm/aaf/templates/aaf-cass.yaml index f795dfe5..ace21817 100644 --- a/auth/helm/aaf/templates/aaf-cass.yaml +++ b/auth/helm/aaf/templates/aaf-cass.yaml @@ -68,6 +68,23 @@ spec: - name: aaf-status-vol persistentVolumeClaim: claimName: aaf-status-pvc + initContainers: + - command: + - /bin/sh + - -c + - | + chmod -R 775 /opt/app/aaf/status + chown -R 1000:1000 /opt/app/aaf/status + chmod -R 775 /var/lib/cassandra + chown -R 1000:1000 /var/lib/cassandra + image: busybox:1.28 + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: init-sysctl + volumeMounts: + - mountPath: /opt/app/aaf/status + name: aaf-status-vol + - mountPath: /var/lib/cassandra + name: aaf-cass-vol containers: ### ### AAF-CASS diff --git a/auth/helm/aaf/templates/aaf-cm.yaml b/auth/helm/aaf/templates/aaf-cm.yaml index ebb49835..e64da6cc 100644 --- a/auth/helm/aaf/templates/aaf-cm.yaml +++ b/auth/helm/aaf/templates/aaf-cm.yaml @@ -59,6 +59,22 @@ spec: persistentVolumeClaim: claimName: aaf-status-pvc initContainers: + - command: + - /bin/sh + - -c + - | + chmod -R 775 /opt/app/aaf/status + chown -R 1000:1000 /opt/app/aaf/status + chmod -R 775 /opt/app/osaaf + chown -R 1000:1000 /opt/app/osaaf + image: busybox:1.28 + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: init-sysctl + volumeMounts: + - mountPath: /opt/app/aaf/status + name: aaf-status-vol + - mountPath: /opt/app/osaaf + name: aaf-config-vol - name: aaf-config-container image: {{ .Values.image.repository }}onap/aaf/aaf_config:{{ .Values.image.version }} imagePullPolicy: IfNotPresent diff --git a/auth/helm/aaf/templates/aaf-fs.yaml b/auth/helm/aaf/templates/aaf-fs.yaml index 479447de..e3973af0 100644 --- a/auth/helm/aaf/templates/aaf-fs.yaml +++ b/auth/helm/aaf/templates/aaf-fs.yaml @@ -59,6 +59,22 @@ spec: persistentVolumeClaim: claimName: aaf-status-pvc initContainers: + - command: + - /bin/sh + - -c + - | + chmod -R 775 /opt/app/aaf/status + chown -R 1000:1000 /opt/app/aaf/status + chmod -R 775 /opt/app/osaaf + chown -R 1000:1000 /opt/app/osaaf + image: busybox:1.28 + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: init-sysctl + volumeMounts: + - mountPath: /opt/app/osaaf + name: aaf-config-vol + - mountPath: /opt/app/aaf/status + name: aaf-status-vol - name: aaf-config-container image: {{ .Values.image.repository }}onap/aaf/aaf_config:{{ .Values.image.version }} imagePullPolicy: IfNotPresent diff --git a/auth/helm/aaf/templates/aaf-gui.yaml b/auth/helm/aaf/templates/aaf-gui.yaml index 14c42599..93c1473f 100644 --- a/auth/helm/aaf/templates/aaf-gui.yaml +++ b/auth/helm/aaf/templates/aaf-gui.yaml @@ -60,6 +60,22 @@ spec: persistentVolumeClaim: claimName: aaf-status-pvc initContainers: + - command: + - /bin/sh + - -c + - | + chmod -R 775 /opt/app/aaf/status + chown -R 1000:1000 /opt/app/aaf/status + chmod -R 775 /opt/app/osaaf + chown -R 1000:1000 /opt/app/osaaf + image: busybox:1.28 + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: init-sysctl + volumeMounts: + - mountPath: /opt/app/osaaf + name: aaf-config-vol + - mountPath: /opt/app/aaf/status + name: aaf-status-vol - name: aaf-config-container image: {{ .Values.image.repository }}onap/aaf/aaf_config:{{ .Values.image.version }} imagePullPolicy: IfNotPresent diff --git a/auth/helm/aaf/templates/aaf-locate.yaml b/auth/helm/aaf/templates/aaf-locate.yaml index d4f2bf66..57ba43d0 100644 --- a/auth/helm/aaf/templates/aaf-locate.yaml +++ b/auth/helm/aaf/templates/aaf-locate.yaml @@ -59,6 +59,22 @@ spec: persistentVolumeClaim: claimName: aaf-status-pvc initContainers: + - command: + - /bin/sh + - -c + - | + chmod -R 775 /opt/app/aaf/status + chown -R 1000:1000 /opt/app/aaf/status + chmod -R 775 /opt/app/osaaf + chown -R 1000:1000 /opt/app/osaaf + image: busybox:1.28 + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: init-sysctl + volumeMounts: + - mountPath: /opt/app/aaf/status + name: aaf-status-vol + - mountPath: /opt/app/osaaf + name: aaf-config-vol - name: aaf-config-container image: {{ .Values.image.repository }}onap/aaf/aaf_config:{{ .Values.image.version }} imagePullPolicy: IfNotPresent diff --git a/auth/helm/aaf/templates/aaf-oauth.yaml b/auth/helm/aaf/templates/aaf-oauth.yaml index 4d5ac75a..ab21e3ab 100644 --- a/auth/helm/aaf/templates/aaf-oauth.yaml +++ b/auth/helm/aaf/templates/aaf-oauth.yaml @@ -59,6 +59,22 @@ spec: persistentVolumeClaim: claimName: aaf-status-pvc initContainers: + - command: + - /bin/sh + - -c + - | + chmod -R 775 /opt/app/aaf/status + chown -R 1000:1000 /opt/app/aaf/status + chmod -R 775 /opt/app/osaaf + chown -R 1000:1000 /opt/app/osaaf + image: busybox:1.28 + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: init-sysctl + volumeMounts: + - mountPath: /opt/app/aaf/status + name: aaf-status-vol + - mountPath: /opt/app/osaaf + name: aaf-config-vol - name: aaf-config-container image: {{ .Values.image.repository }}onap/aaf/aaf_config:{{ .Values.image.version }} imagePullPolicy: IfNotPresent diff --git a/auth/helm/aaf/templates/aaf-service.yaml b/auth/helm/aaf/templates/aaf-service.yaml index 96efa75c..f4772d67 100644 --- a/auth/helm/aaf/templates/aaf-service.yaml +++ b/auth/helm/aaf/templates/aaf-service.yaml @@ -58,6 +58,22 @@ spec: persistentVolumeClaim: claimName: aaf-status-pvc initContainers: + - command: + - /bin/sh + - -c + - | + chmod -R 775 /opt/app/aaf/status + chown -R 1000:1000 /opt/app/aaf/status + chmod -R 775 /opt/app/osaaf + chown -R 1000:1000 /opt/app/osaaf + image: busybox:1.28 + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: init-sysctl + volumeMounts: + - mountPath: /opt/app/aaf/status + name: aaf-status-vol + - mountPath: /opt/app/osaaf + name: aaf-config-vol - name: aaf-config-container image: {{ .Values.image.repository }}onap/aaf/aaf_config:{{ .Values.image.version }} imagePullPolicy: IfNotPresent -- cgit 1.2.3-korg