diff options
author | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2020-12-02 07:21:33 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2020-12-02 07:21:33 +0000 |
commit | f4a8459abc0b5bd142ea3cc883eb4880a63e1140 (patch) | |
tree | 62c9f463c4e02bc175df61fa62d3450435857903 /kubernetes/consul/charts | |
parent | fcbecbd79e4b3b66ae23923ca5ae322c8d9a0e51 (diff) | |
parent | 775b166148ff8f4abb2e667a9824a66f5bd674c0 (diff) |
Merge "[CONSUL] Make consul run as non-root" into guilin
Diffstat (limited to 'kubernetes/consul/charts')
-rw-r--r-- | kubernetes/consul/charts/consul-server/templates/statefulset.yaml | 3 | ||||
-rw-r--r-- | kubernetes/consul/charts/consul-server/values.yaml | 9 |
2 files changed, 10 insertions, 2 deletions
diff --git a/kubernetes/consul/charts/consul-server/templates/statefulset.yaml b/kubernetes/consul/charts/consul-server/templates/statefulset.yaml index 430b6dd1bd..872ef13f95 100644 --- a/kubernetes/consul/charts/consul-server/templates/statefulset.yaml +++ b/kubernetes/consul/charts/consul-server/templates/statefulset.yaml @@ -42,6 +42,9 @@ spec: containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" + securityContext: + runAsUser: {{ .Values.securityContext.runAsUser }} + runAsGroup: {{ .Values.securityContext.runAsGroup }} command: ["/usr/local/bin/docker-entrypoint.sh"] args: - "agent" diff --git a/kubernetes/consul/charts/consul-server/values.yaml b/kubernetes/consul/charts/consul-server/values.yaml index 81472e71eb..d4c03e54ca 100644 --- a/kubernetes/consul/charts/consul-server/values.yaml +++ b/kubernetes/consul/charts/consul-server/values.yaml @@ -25,8 +25,8 @@ global: # Application configuration defaults. ################################################################# # application image -repository: docker.io -image: consul:1.0.6 +repository: nexus3.onap.org:10001 +image: onap/oom/consul:2.1.0 pullPolicy: Always # flag to enable debugging - application support required @@ -90,3 +90,8 @@ resources: cpu: 1 memory: 2Gi unlimited: {} + +securityContext: + fsGroup: 1000 + runAsUser: 100 + runAsGroup: 1000 |