summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKrzysztof Kuzmicki <krzysztof.kuzmicki@nokia.com>2020-11-20 17:00:27 +0100
committerKrzysztof Kuzmicki <krzysztof.kuzmicki@nokia.com>2020-11-22 10:20:58 +0000
commit868a2802eaebcb7f0ddeadfa855020ca2ce121f2 (patch)
tree6af40633b00d082252595fac9454c333bc67c69c
parent23a38b37056055a293cd3e92fb0de8efbd23ded0 (diff)
[SDC] Bring back sdc onboarding volume mount permissions
Set the permissions of files in the sdc onboarding backend persistent volume for package certs to enable access by the process in the pod which now runs as non-root user (since SDC-2798) Withdrawal of part of the change I2c895a8d8e7c25e11a2a1e997735d2e7b2d258aa Commit https://gerrit.onap.org/r/c/oom/+/111513 Signed-off-by: Krzysztof Kuzmicki <krzysztof.kuzmicki@nokia.com> Issue-ID: SDC-3385 Change-Id: I627922f80728ebf1e42a0c9b39d0e95fa3f7ec7c
-rw-r--r--kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml21
1 files changed, 21 insertions, 0 deletions
diff --git a/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml
index 74757c7be2..9d14dfe5b5 100644
--- a/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml
+++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml
@@ -92,6 +92,27 @@ spec:
cpu: 3m
memory: 20Mi
{{- end }}
+ - name: volume-permissions
+ image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ args:
+ - "-c"
+ - |
+ chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} //onboard/cert
+ securityContext:
+ runAsUser: 0
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-cert-storage
+ mountPath: "/onboard/cert"
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"