diff options
author | Krzysztof Kuzmicki <krzysztof.kuzmicki@nokia.com> | 2020-11-20 17:00:27 +0100 |
---|---|---|
committer | Krzysztof Kuzmicki <krzysztof.kuzmicki@nokia.com> | 2020-11-22 10:20:58 +0000 |
commit | 868a2802eaebcb7f0ddeadfa855020ca2ce121f2 (patch) | |
tree | 6af40633b00d082252595fac9454c333bc67c69c | |
parent | 23a38b37056055a293cd3e92fb0de8efbd23ded0 (diff) |
[SDC] Bring back sdc onboarding volume mount permissions
Set the permissions of files in the sdc onboarding backend persistent volume for package certs to enable access by the process in the pod which now runs as non-root user (since SDC-2798)
Withdrawal of part of the change I2c895a8d8e7c25e11a2a1e997735d2e7b2d258aa
Commit https://gerrit.onap.org/r/c/oom/+/111513
Signed-off-by: Krzysztof Kuzmicki <krzysztof.kuzmicki@nokia.com>
Issue-ID: SDC-3385
Change-Id: I627922f80728ebf1e42a0c9b39d0e95fa3f7ec7c
-rw-r--r-- | kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml index 74757c7be2..9d14dfe5b5 100644 --- a/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml @@ -92,6 +92,27 @@ spec: cpu: 3m memory: 20Mi {{- end }} + - name: volume-permissions + image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - sh + args: + - "-c" + - | + chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} //onboard/cert + securityContext: + runAsUser: 0 + volumeMounts: + - name: {{ include "common.fullname" . }}-cert-storage + mountPath: "/onboard/cert" + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" |