Merge "[CONSUL] Make consul run as non-root"

2 files changed, 11 insertions, 2 deletions

diff --git a/kubernetes/consul/charts/consul-server/templates/statefulset.yaml b/kubernetes/consul/charts/consul-server/templates/statefulset.yaml
index 882e98fea3..16fda3a510 100644
--- a/kubernetes/consul/charts/consul-server/templates/statefulset.yaml
+++ b/kubernetes/consul/charts/consul-server/templates/statefulset.yaml
@@ -41,7 +41,10 @@ spec:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
       containers:
       - name: {{ include "common.name" . }}
-        image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+        securityContext:
+          runAsUser: {{ .Values.securityContext.runAsUser }}
+          runAsGroup: {{ .Values.securityContext.runAsGroup }}
         command: ["/usr/local/bin/docker-entrypoint.sh"]
         args:
         - "agent"
diff --git a/kubernetes/consul/charts/consul-server/values.yaml b/kubernetes/consul/charts/consul-server/values.yaml
index 0039aa6654..48a26effd7 100644
--- a/kubernetes/consul/charts/consul-server/values.yaml
+++ b/kubernetes/consul/charts/consul-server/values.yaml
@@ -17,12 +17,13 @@
 #################################################################
 global:
   nodePortPrefix: 302
+  repository: nexus3.onap.org:10001
 
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
-image: consul:1.0.6
+image: onap/oom/consul:2.1.0
 pullPolicy: Always
 
 # flag to enable debugging - application support required
@@ -86,3 +87,8 @@ resources:
       cpu: 1
       memory: 2Gi
   unlimited: {}
+
+securityContext:
+  fsGroup: 1000
+  runAsUser: 100
+  runAsGroup: 1000