author | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2020-11-04 08:46:43 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2020-11-04 08:46:43 +0000 |
commit | c28ecc68065746659cdf858946cf09cd60d3629c (patch) | |
tree | 85b80ac8f9f2de2b283fb371d6a4d6cff97d212c | |
parent | 8a9bb06970d6ee75df5f5e53743e0222eabb4b75 (diff) | |
parent | 4aa45c75ac68a5358d480b59fb47f918fa410086 (diff) |
Merge changes Ic1302ac2,I43584b7f
* changes:
[CONSUL] Make consul server run as non-root
[CONSUL] Make consul run as non-root
-rw-r--r-- | kubernetes/consul/charts/consul-server/templates/statefulset.yaml | 4 | ||||
-rw-r--r-- | kubernetes/consul/templates/deployment.yaml | 37 | ||||
-rw-r--r-- | kubernetes/consul/values.yaml | 7 |
3 files changed, 38 insertions, 10 deletions
diff --git a/kubernetes/consul/charts/consul-server/templates/statefulset.yaml b/kubernetes/consul/charts/consul-server/templates/statefulset.yaml
index 430b6dd1bd..d572ec2d54 100644
--- a/kubernetes/consul/charts/consul-server/templates/statefulset.yaml
+++ b/kubernetes/consul/charts/consul-server/templates/statefulset.yaml
@@ -42,8 +42,10 @@ spec:
 containers:
 - name: {{ include "common.name" . }}
 image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- command: ["/usr/local/bin/docker-entrypoint.sh"]
+ command:
+ - sh
 args:
+ - /usr/local/bin/docker-entrypoint.sh
 - "agent"
 - "-bootstrap-expect={{ .Values.replicaCount }}"
 - "-enable-script-checks"
diff --git a/kubernetes/consul/templates/deployment.yaml b/kubernetes/consul/templates/deployment.yaml
index 51c6eb72d5..6f1c57967f 100644
--- a/kubernetes/consul/templates/deployment.yaml
+++ b/kubernetes/consul/templates/deployment.yaml
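Review bot: In statefulset.yaml the server's `args` still carry `-enable-script-checks`, and the agent in templates/deployment.yaml now passes the same flag next to `-client 0.0.0.0`; running as non-root limits what a check script can do, not who may register one. With that flag Consul also accepts script checks registered through the HTTP API, so an agent API that is reachable without ACLs can be used to run commands in the container. If the Consul version in the image supports it, prefer `- "-enable-local-script-checks"`, which only runs checks defined in the local config files, and confirm ACLs are enabled; neither is visible in this hunk. The container spec continues outside the hunk.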
@@ -39,15 +39,34 @@ spec:
 spec:
 imagePullSecrets:
 - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ initContainers:
+ - name: {{ include "common.name" . }}-chown
+ image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ cp -r -L /tmp/consul/config/* /consul/config/
+ chown -R {{ .Values.consulUID }}:{{ .Values.consulGID }} /consul/config
+ ls -la /consul/config
+ volumeMounts:
+ - mountPath: /tmp/consul/config
+ name: consul-agent-config
+ - mountPath: /consul/config
+ name: consul-agent-config-dir
 containers:
 - image: "{{ include "common.repository" . }}/{{ .Values.image }}"
 command:
- - /bin/sh
- - "-c"
- - |
- apk update && apk add jq
- cp /tmp/consul/config/* /consul/config
- /usr/local/bin/docker-entrypoint.sh agent -client 0.0.0.0 -enable-script-checks -retry-join {{ .Values.consulServer.nameOverride }}
+ - sh
+ args:
+ - /usr/local/bin/docker-entrypoint.sh
+ - agent
+ - -client
+ - 0.0.0.0
+ - -enable-script-checks
+ - -retry-join
+ - {{ .Values.consulServer.nameOverride }}
 name: {{ include "common.name" . }}
 env:
 - name: SDNC_ODL_COUNT
@@ -55,14 +74,16 @@ spec:
 - name: SDNC_IS_PRIMARY_CLUSTER
 value: "{{ .Values.sdnc.config.isPrimaryCluster }}"
 volumeMounts:
- - mountPath: /tmp/consul/config
- name: consul-agent-config
+ - mountPath: /consul/config
+ name: consul-agent-config-dir
 - mountPath: /consul/scripts
 name: consul-agent-scripts-config
 - mountPath: /consul/certs
 name: consul-agent-certs-config
 resources: {{ include "common.resources" . | nindent 10 }}
 volumes:
+ - name: consul-agent-config-dir
+ emptyDir: {}
 - configMap:
 name: {{ include "common.fullname" . }}-configmap
 name: consul-agent-config
diff --git a/kubernetes/consul/values.yaml b/kubernetes/consul/values.yaml
index 512c4c3dac..8f17dc637f 100644
--- a/kubernetes/consul/values.yaml
+++ b/kubernetes/consul/values.yaml
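Review bot: The script in the new `initContainers` entry of deployment.yaml has no error handling, so the container exits with the status of the final `ls -la /consul/config`; a failed `cp` or `chown` still lets the agent start on an empty or wrongly owned config directory. Add `set -e` as the first line of the `- |` block so a failed copy keeps the pod in init instead. The init container also shows no `securityContext` in this hunk; the `chown -R {{ .Values.consulUID }}:{{ .Values.consulGID }}` presumably depends on it running as root, which deserves an explicit comment given that the change is about dropping root.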
@@ -20,19 +20,24 @@ global: readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + busyboxRepository: registry.hub.docker.com + busyboxImage: library/busybox:latest ################################################################# # Application configuration defaults. ################################################################# # application image repository: docker.io -image: oomk8s/consul:1.0.0 +image: oomk8s/consul:2.0.0 pullPolicy: Always #subchart name consulServer: nameOverride: consul-server +consulUID: 100 +consulGID: 1000 + # flag to enable debugging - application support required debugEnabled: false |
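Review bot: `busyboxImage: library/busybox:latest` is a mutable tag, and it is the image of the init container that copies and chowns the Consul config, so whatever `latest` resolves to at pull time runs there. Pin it to a fixed tag or digest, e.g. `busyboxImage: library/busybox:<pinned-tag>` (placeholder), as `readinessImage` and `loggingImage` just above already do. `consulUID: 100` and `consulGID: 1000` presumably have to match the consul user inside `oomk8s/consul:2.0.0`; a one-line comment such as `# must match the consul user/group of the image` would protect the next image bump.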