summaryrefslogtreecommitdiffstats
path: root/kubernetes/consul/charts
diff options
context:
space:
mode:
authorSylvain Desbureaux <sylvain.desbureaux@orange.com>2020-12-02 07:21:33 +0000
committerGerrit Code Review <gerrit@onap.org>2020-12-02 07:21:33 +0000
commitf4a8459abc0b5bd142ea3cc883eb4880a63e1140 (patch)
tree62c9f463c4e02bc175df61fa62d3450435857903 /kubernetes/consul/charts
parentfcbecbd79e4b3b66ae23923ca5ae322c8d9a0e51 (diff)
parent775b166148ff8f4abb2e667a9824a66f5bd674c0 (diff)
Merge "[CONSUL] Make consul run as non-root" into guilin
Diffstat (limited to 'kubernetes/consul/charts')
-rw-r--r--kubernetes/consul/charts/consul-server/templates/statefulset.yaml3
-rw-r--r--kubernetes/consul/charts/consul-server/values.yaml9
2 files changed, 10 insertions, 2 deletions
diff --git a/kubernetes/consul/charts/consul-server/templates/statefulset.yaml b/kubernetes/consul/charts/consul-server/templates/statefulset.yaml
index 430b6dd1bd..872ef13f95 100644
--- a/kubernetes/consul/charts/consul-server/templates/statefulset.yaml
+++ b/kubernetes/consul/charts/consul-server/templates/statefulset.yaml
@@ -42,6 +42,9 @@ spec:
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ securityContext:
+ runAsUser: {{ .Values.securityContext.runAsUser }}
+ runAsGroup: {{ .Values.securityContext.runAsGroup }}
command: ["/usr/local/bin/docker-entrypoint.sh"]
args:
- "agent"
diff --git a/kubernetes/consul/charts/consul-server/values.yaml b/kubernetes/consul/charts/consul-server/values.yaml
index 81472e71eb..d4c03e54ca 100644
--- a/kubernetes/consul/charts/consul-server/values.yaml
+++ b/kubernetes/consul/charts/consul-server/values.yaml
@@ -25,8 +25,8 @@ global:
# Application configuration defaults.
#################################################################
# application image
-repository: docker.io
-image: consul:1.0.6
+repository: nexus3.onap.org:10001
+image: onap/oom/consul:2.1.0
pullPolicy: Always
# flag to enable debugging - application support required
@@ -90,3 +90,8 @@ resources:
cpu: 1
memory: 2Gi
unlimited: {}
+
+securityContext:
+ fsGroup: 1000
+ runAsUser: 100
+ runAsGroup: 1000