diff options
| author |   Krzysztof Opasiak <k.opasiak@samsung.com> | 2020-11-25 16:54:36 +0100 |
|---|---|---|
| committer |   Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2020-11-27 14:12:09 +0000 |
| commit | 217acfdf611de5bc52246acedcf248e32712f561 (patch) | |
| tree | 65dd97f0cc4783b7859c66c1c42a46a4ab43d554 /kubernetes/consul/charts | |
| parent | a6fa6b1fe4c8c9b8e2a3e29b364dc96804404a9c (diff) | |
[CONSUL] Make consul run as non-root
Use our recently build consul image (still based on the same old
consul version) and modify the deployment to make sure that it is able
to run as non-root user.
Yes, I know that moving consul-server to component would be more
proper solution but as this commit is supposed to be cherry-picked to
guilin I've tried to make as little changes as possible.
Issue-ID: REQ-362
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Idfc09ee225d4f89bb699683fa5e4ae3b86491c08
Diffstat (limited to 'kubernetes/consul/charts')
| -rw-r--r-- | kubernetes/consul/charts/consul-server/templates/statefulset.yaml | 5 | ||||
| -rw-r--r-- | kubernetes/consul/charts/consul-server/values.yaml | 8 |
2 files changed, 11 insertions, 2 deletions
diff --git a/kubernetes/consul/charts/consul-server/templates/statefulset.yaml b/kubernetes/consul/charts/consul-server/templates/statefulset.yaml index 882e98fea3..16fda3a510 100644 --- a/kubernetes/consul/charts/consul-server/templates/statefulset.yaml +++ b/kubernetes/consul/charts/consul-server/templates/statefulset.yaml @@ -41,7 +41,10 @@ spec: - name: "{{ include "common.namespace" . }}-docker-registry-key" containers: - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + securityContext: + runAsUser: {{ .Values.securityContext.runAsUser }} + runAsGroup: {{ .Values.securityContext.runAsGroup }} command: ["/usr/local/bin/docker-entrypoint.sh"] args: - "agent" diff --git a/kubernetes/consul/charts/consul-server/values.yaml b/kubernetes/consul/charts/consul-server/values.yaml index 0039aa6654..48a26effd7 100644 --- a/kubernetes/consul/charts/consul-server/values.yaml +++ b/kubernetes/consul/charts/consul-server/values.yaml @@ -17,12 +17,13 @@ ################################################################# global: nodePortPrefix: 302 + repository: nexus3.onap.org:10001 ################################################################# # Application configuration defaults. ################################################################# # application image -image: consul:1.0.6 +image: onap/oom/consul:2.1.0 pullPolicy: Always # flag to enable debugging - application support required @@ -86,3 +87,8 @@ resources: cpu: 1 memory: 2Gi unlimited: {} + +securityContext: + fsGroup: 1000 + runAsUser: 100 + runAsGroup: 1000 |