aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authoreconwar <conor.ward@est.tech>2019-04-16 08:02:13 +0000
committereconwar <conor.ward@est.tech>2019-04-16 08:02:13 +0000
commit4d9f35fc0c9c437b00335a75bd0201572ebfa544 (patch)
tree99d0597217e86ef447e2da97d8dbeae60525ed5d
parentb78ad8b04fff7bf5a97b828dbea6ab0a9e5817be (diff)
Allow dr-node containers to run as non-root
Update image version to 2.1.0 that has year long certs Change-Id: If17c569c6db879b6fcee9221307560a54f9cb422 Issue-ID: DMAAP-1134 Signed-off-by: econwar <conor.ward@est.tech>
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties6
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml9
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-node/values.yaml4
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties8
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-prov/values.yaml2
5 files changed, 20 insertions, 9 deletions
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties
index f2896ccafa..08e3fd0018 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties
+++ b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties
@@ -83,11 +83,11 @@ KeyStoreFile=/opt/app/datartr/aaf_certs/org.onap.dmaap-dr.jks
#
# The password for the https keystore
#
-KeyStorePassword=]3V)($O&.Mv]W{f8^]6SxGNL
+KeyStorePassword=WGxd2P6MDo*Bi4+UdzWs{?$8
#
# The password for the private key in the https keystore
#
-KeyPassword=]3V)($O&.Mv]W{f8^]6SxGNL
+KeyPassword=WGxd2P6MDo*Bi4+UdzWs{?$8
#
# The type of truststore for https
#
@@ -99,7 +99,7 @@ TrustStoreFile=/opt/app/datartr/aaf_certs/org.onap.dmaap-dr.trust.jks
#
# The password for the https truststore
#
-TrustStorePassword=(Rd,&{]%ePdp}4JZjqoJ2G+g
+TrustStorePassword=)OBvCd{e{aWq.^mJJdX:S:1&
#
# The path to the file used to trigger an orderly shutdown
#
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
index ec31f3f750..de3324fe19 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
@@ -45,6 +45,15 @@ spec:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ - name: {{ include "common.name" . }}-permission-fixer
+ image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: {{ .Values.persistence.spoolPath }}
+ name: {{ include "common.fullname" . }}-spool-data-pvc
+ - mountPath: {{ .Values.persistence.eventLogsPath }}
+ name: {{ include "common.fullname" . }}-event-logs-pvc
+ command: ["chown","-Rf","1000:1001", "/opt/app/datartr"]
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
index c6087e8852..3b1532f999 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
@@ -21,13 +21,15 @@ global:
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
loggingDirectory: /opt/app/datartr/logs
+ busyBoxImage: busybox:1.30
+ busyBoxRepository: docker.io
#################################################################
# Application configuration defaults.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/dmaap/datarouter-node:2.0.2
+image: onap/dmaap/datarouter-node:2.1.0
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties
index 2b78b8eb2c..6a6f49cc24 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties
@@ -25,14 +25,14 @@
#Jetty Server properties
org.onap.dmaap.datarouter.provserver.http.port = {{.Values.config.dmaapDrProv.externalPort}}
org.onap.dmaap.datarouter.provserver.https.port = {{.Values.config.dmaapDrProv.externalPort2}}
-org.onap.dmaap.datarouter.provserver.https.relaxation = true
+org.onap.dmaap.datarouter.provserver.https.relaxation = true
-org.onap.dmaap.datarouter.provserver.keymanager.password = AT{];bvaDiytVD&oWhMZj0N5
+org.onap.dmaap.datarouter.provserver.keymanager.password = FZNkU,B%NJzcT1v7;^v]M#ZX
org.onap.dmaap.datarouter.provserver.keystore.type = jks
org.onap.dmaap.datarouter.provserver.keystore.path = /opt/app/datartr/aaf_certs/org.onap.dmaap-dr.jks
-org.onap.dmaap.datarouter.provserver.keystore.password = AT{];bvaDiytVD&oWhMZj0N5
+org.onap.dmaap.datarouter.provserver.keystore.password = FZNkU,B%NJzcT1v7;^v]M#ZX
org.onap.dmaap.datarouter.provserver.truststore.path = /opt/app/datartr/aaf_certs/org.onap.dmaap-dr.trust.jks
-org.onap.dmaap.datarouter.provserver.truststore.password = ljlS@Y}0]{UO(TnwvEWkgJ%]
+org.onap.dmaap.datarouter.provserver.truststore.password = +mzf@J.D^;3!![*Xr.z$c#?b
org.onap.dmaap.datarouter.provserver.accesslog.dir = /opt/app/datartr/logs
org.onap.dmaap.datarouter.provserver.spooldir = /opt/app/datartr/spool
org.onap.dmaap.datarouter.provserver.dbscripts = /opt/app/datartr/etc/misc
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml
index 3d65e911cf..7dca42e746 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml
@@ -28,7 +28,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/dmaap/datarouter-prov:2.0.2
+image: onap/dmaap/datarouter-prov:2.1.0
pullPolicy: Always
# flag to enable debugging - application support required