diff options
| author |   Krzysztof Opasiak <k.opasiak@samsung.com> | 2020-11-25 16:54:36 +0100 |
|---|---|---|
| committer |   Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2020-11-27 14:12:09 +0000 |
| commit | 217acfdf611de5bc52246acedcf248e32712f561 (patch) | |
| tree | 65dd97f0cc4783b7859c66c1c42a46a4ab43d554 /kubernetes/consul/charts/consul-server/templates/statefulset.yaml | |
| parent | a6fa6b1fe4c8c9b8e2a3e29b364dc96804404a9c (diff) | |
[CONSUL] Make consul run as non-root
Use our recently build consul image (still based on the same old
consul version) and modify the deployment to make sure that it is able
to run as non-root user.
Yes, I know that moving consul-server to component would be more
proper solution but as this commit is supposed to be cherry-picked to
guilin I've tried to make as little changes as possible.
Issue-ID: REQ-362
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Idfc09ee225d4f89bb699683fa5e4ae3b86491c08
Diffstat (limited to 'kubernetes/consul/charts/consul-server/templates/statefulset.yaml')
| -rw-r--r-- | kubernetes/consul/charts/consul-server/templates/statefulset.yaml | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/kubernetes/consul/charts/consul-server/templates/statefulset.yaml b/kubernetes/consul/charts/consul-server/templates/statefulset.yaml index 882e98fea3..16fda3a510 100644 --- a/kubernetes/consul/charts/consul-server/templates/statefulset.yaml +++ b/kubernetes/consul/charts/consul-server/templates/statefulset.yaml @@ -41,7 +41,10 @@ spec: - name: "{{ include "common.namespace" . }}-docker-registry-key" containers: - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + securityContext: + runAsUser: {{ .Values.securityContext.runAsUser }} + runAsGroup: {{ .Values.securityContext.runAsGroup }} command: ["/usr/local/bin/docker-entrypoint.sh"] args: - "agent" |