summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichaelMorris <michael.morris@est.tech>2020-03-15 17:44:48 +0000
committerOfir Sonsino <ofir.sonsino@intl.att.com>2020-03-22 10:26:38 +0000
commitb137f7e426b7556a05d1222716d1870ce9dad72c (patch)
treeded0f60e0b3e4c7dde036887b407be9443ab37f3
parent32f9aaa9b02da0cc442d83c5413684ddc9674381 (diff)
Run SDC pods as non-root
Change-Id: Id8626c02f4c8bf3e1da406920169c0ed6bee457f Issue-ID: SDC-2798 Signed-off-by: MichaelMorris <michael.morris@est.tech>
-rw-r--r--kubernetes/sdc/charts/sdc-be/templates/deployment.yaml4
-rw-r--r--kubernetes/sdc/charts/sdc-be/templates/job.yaml6
-rw-r--r--kubernetes/sdc/charts/sdc-be/values.yaml4
-rw-r--r--kubernetes/sdc/charts/sdc-cs/templates/job.yaml4
-rw-r--r--kubernetes/sdc/charts/sdc-cs/values.yaml4
-rw-r--r--kubernetes/sdc/charts/sdc-dcae-be/templates/deployment.yaml2
-rw-r--r--kubernetes/sdc/charts/sdc-dcae-be/templates/job.yaml2
-rw-r--r--kubernetes/sdc/charts/sdc-dcae-be/values.yaml4
-rw-r--r--kubernetes/sdc/charts/sdc-dcae-dt/templates/deployment.yaml2
-rw-r--r--kubernetes/sdc/charts/sdc-dcae-dt/values.yaml2
-rw-r--r--kubernetes/sdc/charts/sdc-dcae-fe/templates/deployment.yaml2
-rw-r--r--kubernetes/sdc/charts/sdc-dcae-fe/values.yaml2
-rw-r--r--kubernetes/sdc/charts/sdc-dcae-tosca-lab/templates/deployment.yaml2
-rw-r--r--kubernetes/sdc/charts/sdc-dcae-tosca-lab/values.yaml2
-rw-r--r--kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml2
-rw-r--r--kubernetes/sdc/charts/sdc-fe/values.yaml2
-rw-r--r--kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml6
-rw-r--r--kubernetes/sdc/charts/sdc-onboarding-be/templates/job.yaml2
-rw-r--r--kubernetes/sdc/charts/sdc-onboarding-be/values.yaml4
-rw-r--r--kubernetes/sdc/charts/sdc-wfd-be/values.yaml10
-rw-r--r--kubernetes/sdc/charts/sdc-wfd-fe/values.yaml2
21 files changed, 37 insertions, 33 deletions
diff --git a/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml
index 1aa0010289..87fed417e6 100644
--- a/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml
+++ b/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml
@@ -80,7 +80,7 @@ spec:
readinessProbe:
exec:
command:
- - "/var/lib/ready-probe.sh"
+ - "/var/lib/jetty/ready-probe.sh"
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
@@ -99,7 +99,7 @@ spec:
fieldPath: status.podIP
volumeMounts:
- name: {{ include "common.fullname" . }}-environments
- mountPath: /root/chef-solo/environments/
+ mountPath: /var/lib/jetty/chef-solo/environments/
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
diff --git a/kubernetes/sdc/charts/sdc-be/templates/job.yaml b/kubernetes/sdc/charts/sdc-be/templates/job.yaml
index 994c407955..4b5ec51976 100644
--- a/kubernetes/sdc/charts/sdc-be/templates/job.yaml
+++ b/kubernetes/sdc/charts/sdc-be/templates/job.yaml
@@ -53,7 +53,9 @@ spec:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- name: {{ include "common.fullname" . }}-environments
- mountPath: /root/chef-solo/environments/
+ mountPath: /home/sdc/chef-solo/environments/
+ - name: sdc-logs
+ mountPath: /var/lib/jetty/logs
env:
- name: ENVNAME
value: {{ .Values.global.env.name }}
@@ -66,6 +68,8 @@ spec:
configMap:
name: {{ include "common.release" . }}-sdc-environments-configmap
defaultMode: 0755
+ - name: sdc-logs
+ emptyDir: {}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
restartPolicy: Never
diff --git a/kubernetes/sdc/charts/sdc-be/values.yaml b/kubernetes/sdc/charts/sdc-be/values.yaml
index a58e950b3e..b6bc635071 100644
--- a/kubernetes/sdc/charts/sdc-be/values.yaml
+++ b/kubernetes/sdc/charts/sdc-be/values.yaml
@@ -28,8 +28,8 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-backend:1.6.2
-backendInitImage: onap/sdc-backend-init:1.6.2
+image: onap/sdc-backend:1.6.3
+backendInitImage: onap/sdc-backend-init:1.6.3
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/sdc/charts/sdc-cs/templates/job.yaml b/kubernetes/sdc/charts/sdc-cs/templates/job.yaml
index 472975ff37..4e4aad46fc 100644
--- a/kubernetes/sdc/charts/sdc-cs/templates/job.yaml
+++ b/kubernetes/sdc/charts/sdc-cs/templates/job.yaml
@@ -57,9 +57,9 @@ spec:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- name: {{ include "common.fullname" . }}-environments
- mountPath: /root/chef-solo/environments/
+ mountPath: /home/sdc/chef-solo/environments/
- name: {{ include "common.fullname" . }}-chef-cache
- mountPath: /root/chef-solo/cache
+ mountPath: /home/sdc/chef-solo/cache
env:
- name: ENVNAME
value: {{ .Values.global.env.name }}
diff --git a/kubernetes/sdc/charts/sdc-cs/values.yaml b/kubernetes/sdc/charts/sdc-cs/values.yaml
index c7c8da96b0..ddc194654d 100644
--- a/kubernetes/sdc/charts/sdc-cs/values.yaml
+++ b/kubernetes/sdc/charts/sdc-cs/values.yaml
@@ -28,8 +28,8 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-cassandra:1.6.2
-cassandraInitImage: onap/sdc-cassandra-init:1.6.2
+image: onap/sdc-cassandra:1.6.3
+cassandraInitImage: onap/sdc-cassandra-init:1.6.3
pullPolicy: Always
diff --git a/kubernetes/sdc/charts/sdc-dcae-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-dcae-be/templates/deployment.yaml
index f8fb2f61e2..6072148d07 100644
--- a/kubernetes/sdc/charts/sdc-dcae-be/templates/deployment.yaml
+++ b/kubernetes/sdc/charts/sdc-dcae-be/templates/deployment.yaml
@@ -92,7 +92,7 @@ spec:
fieldPath: status.podIP
volumeMounts:
- name: {{ include "common.fullname" . }}-environments
- mountPath: /root/chef-solo/environments/
+ mountPath: /var/lib/jetty/chef-solo/environments/
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
diff --git a/kubernetes/sdc/charts/sdc-dcae-be/templates/job.yaml b/kubernetes/sdc/charts/sdc-dcae-be/templates/job.yaml
index 57a25516af..9df959abd4 100644
--- a/kubernetes/sdc/charts/sdc-dcae-be/templates/job.yaml
+++ b/kubernetes/sdc/charts/sdc-dcae-be/templates/job.yaml
@@ -52,7 +52,7 @@ spec:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- name: {{ include "common.fullname" . }}-environments
- mountPath: /root/chef-solo/environments
+ mountPath: /var/lib/jetty/chef-solo/environments
env:
- name: ENVNAME
value: {{ .Values.global.env.name }}
diff --git a/kubernetes/sdc/charts/sdc-dcae-be/values.yaml b/kubernetes/sdc/charts/sdc-dcae-be/values.yaml
index 77544a75f3..051c076ea1 100644
--- a/kubernetes/sdc/charts/sdc-dcae-be/values.yaml
+++ b/kubernetes/sdc/charts/sdc-dcae-be/values.yaml
@@ -27,9 +27,9 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/dcae-be:1.3.2
+image: onap/dcae-be:1.3.3
pullPolicy: Always
-backendInitImage: onap/dcae-tools:1.3.2
+backendInitImage: onap/dcae-tools:v1.3.3
# flag to enable debugging - application support required
debugEnabled: false
diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-dcae-dt/templates/deployment.yaml
index 586baeb609..20a6194e99 100644
--- a/kubernetes/sdc/charts/sdc-dcae-dt/templates/deployment.yaml
+++ b/kubernetes/sdc/charts/sdc-dcae-dt/templates/deployment.yaml
@@ -91,7 +91,7 @@ spec:
fieldPath: status.podIP
volumeMounts:
- name: {{ include "common.fullname" . }}-environments
- mountPath: /root/chef-solo/environments/
+ mountPath: /var/lib/jetty/chef-solo/environments/
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml b/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml
index df0606fdbe..26e1cacdd0 100644
--- a/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml
+++ b/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml
@@ -27,7 +27,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/dcae-dt:1.3.2
+image: onap/dcae-dt:1.3.3
pullPolicy: IfNotPresent
config:
javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-dt/logback-spring.xml
diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-dcae-fe/templates/deployment.yaml
index 1bc0d880e7..e99d65b43b 100644
--- a/kubernetes/sdc/charts/sdc-dcae-fe/templates/deployment.yaml
+++ b/kubernetes/sdc/charts/sdc-dcae-fe/templates/deployment.yaml
@@ -91,7 +91,7 @@ spec:
fieldPath: status.podIP
volumeMounts:
- name: {{ include "common.fullname" . }}-environments
- mountPath: /root/chef-solo/environments/
+ mountPath: /var/lib/jetty/chef-solo/environments/
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml b/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml
index a5794b28c3..46024d57ca 100644
--- a/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml
+++ b/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml
@@ -27,7 +27,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/dcae-fe:1.3.2
+image: onap/dcae-fe:1.3.3
pullPolicy: Always
config:
javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-fe/logback-spring.xml
diff --git a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-dcae-tosca-lab/templates/deployment.yaml
index 5634aec492..5ae706dee8 100644
--- a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/templates/deployment.yaml
+++ b/kubernetes/sdc/charts/sdc-dcae-tosca-lab/templates/deployment.yaml
@@ -77,7 +77,7 @@ spec:
fieldPath: status.podIP
volumeMounts:
- name: {{ include "common.fullname" . }}-environments
- mountPath: /root/chef-solo/environments/
+ mountPath: /var/lib/jetty/chef-solo/environments/
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
diff --git a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/values.yaml b/kubernetes/sdc/charts/sdc-dcae-tosca-lab/values.yaml
index 06169df566..61beab34c4 100644
--- a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/values.yaml
+++ b/kubernetes/sdc/charts/sdc-dcae-tosca-lab/values.yaml
@@ -27,7 +27,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/dcae-tosca-app:1.3.1
+image: onap/dcae-tosca-app:1.3.3
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml
index 6f35f6bd06..8e19489f9a 100644
--- a/kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml
+++ b/kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml
@@ -80,7 +80,7 @@ spec:
value: {{ .Values.config.javaOptions }}
volumeMounts:
- name: {{ include "common.fullname" . }}-environments
- mountPath: /root/chef-solo/environments/
+ mountPath: /var/lib/jetty/chef-solo/environments/
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
diff --git a/kubernetes/sdc/charts/sdc-fe/values.yaml b/kubernetes/sdc/charts/sdc-fe/values.yaml
index ce77dfda4a..64ccaa81b1 100644
--- a/kubernetes/sdc/charts/sdc-fe/values.yaml
+++ b/kubernetes/sdc/charts/sdc-fe/values.yaml
@@ -28,7 +28,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-frontend:1.6.2
+image: onap/sdc-frontend:1.6.3
pullPolicy: Always
config:
diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml
index 78b111658a..75779a319c 100644
--- a/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml
+++ b/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml
@@ -57,7 +57,7 @@ spec:
livenessProbe:
exec:
command:
- - "/var/lib/ready-probe.sh"
+ - "/var/lib/jetty/ready-probe.sh"
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
@@ -65,7 +65,7 @@ spec:
readinessProbe:
exec:
command:
- - "/var/lib/ready-probe.sh"
+ - "/var/lib/jetty/ready-probe.sh"
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
@@ -94,7 +94,7 @@ spec:
value: {{ .Values.cert.certDir }}
volumeMounts:
- name: {{ include "common.fullname" . }}-environments
- mountPath: /root/chef-solo/environments/
+ mountPath: /var/lib/jetty/chef-solo/environments/
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/job.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/templates/job.yaml
index 11676147e7..0e5e63b772 100644
--- a/kubernetes/sdc/charts/sdc-onboarding-be/templates/job.yaml
+++ b/kubernetes/sdc/charts/sdc-onboarding-be/templates/job.yaml
@@ -53,7 +53,7 @@ spec:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- name: {{ include "common.fullname" . }}-environments
- mountPath: /root/chef-solo/environments/
+ mountPath: /home/sdc/chef-solo/environments/
env:
- name: ENVNAME
value: {{ .Values.global.env.name }}
diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml
index 727d0a389b..b15f784dee 100644
--- a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml
+++ b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml
@@ -28,8 +28,8 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-onboard-backend:1.6.2
-onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.2
+image: onap/sdc-onboard-backend:1.6.3
+onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.3
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml
index 3e5a83aee7..78fdb32dcc 100644
--- a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml
+++ b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml
@@ -28,8 +28,8 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/workflow-backend:1.6.1
-configInitImage: onap/workflow-init:1.6.1
+image: onap/workflow-backend:1.6.2
+configInitImage: onap/workflow-init:1.6.2
pullPolicy: Always
initJob:
@@ -47,13 +47,13 @@ config:
serverSSLEnabled: true
serverSSLKeyStoreType: jks
- serverSSLKeyStorePath: /etc/keystore
+ serverSSLKeyStorePath: /home/sdc/etc/keystore
serverSSLTrustStoreType: jks
- serverSSLTrustStorePath: /etc/truststore
+ serverSSLTrustStorePath: /home/sdc/etc/truststore
cassandraSSLEnabled: false
- cassandraTrustStorePath: /etc/truststore
+ cassandraTrustStorePath: /home/sdc/etc/truststore
# default number of instances
replicaCount: 1
diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml
index 66eb22e50c..6b0669b5b6 100644
--- a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml
+++ b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml
@@ -28,7 +28,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/workflow-frontend:1.6.1
+image: onap/workflow-frontend:1.6.2
pullPolicy: Always
# flag to enable debugging - application support required