author | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2020-11-30 07:47:29 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2020-11-30 07:47:29 +0000 |
commit | 2d0eafec73643294cb5016b8e74d57a68608f822 (patch) | |
tree | 043fa8dd4bc1371bc5ace9a7546715eac4ed2552 /kubernetes/consul/templates/deployment.yaml | |
parent | 8aad493ec086c48e919e4f7ef85148e6532ffc46 (diff) | |
parent | 217acfdf611de5bc52246acedcf248e32712f561 (diff) |
Merge "[CONSUL] Make consul run as non-root"
Diffstat (limited to 'kubernetes/consul/templates/deployment.yaml')
-rw-r--r-- | kubernetes/consul/templates/deployment.yaml | 41 |
1 files changed, 32 insertions, 9 deletions
diff --git a/kubernetes/consul/templates/deployment.yaml b/kubernetes/consul/templates/deployment.yaml index be15ecbca6..31546abd49 100644 --- a/kubernetes/consul/templates/deployment.yaml +++ b/kubernetes/consul/templates/deployment.yaml @@ -39,15 +39,36 @@ spec: spec: imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" - containers: - - image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }} + initContainers: + - name: {{ include "common.name" . }}-chown + image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }} command: - - /bin/sh - - "-c" + - sh + args: + - -c - | - apk update && apk add jq - cp /tmp/consul/config/* /consul/config - /usr/local/bin/docker-entrypoint.sh agent -client 0.0.0.0 -enable-script-checks -retry-join {{ .Values.consulServer.nameOverride }} + cp -r -L /tmp/consul/config/* /consul/config/ + chown -R {{ .Values.consulUID }}:{{ .Values.consulGID }} /consul/config + ls -la /consul/config + volumeMounts: + - mountPath: /tmp/consul/config + name: consul-agent-config + - mountPath: /consul/config + name: consul-agent-config-dir + containers: + - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + securityContext: + runAsUser: {{ .Values.securityContext.runAsUser }} + runAsGroup: {{ .Values.securityContext.runAsGroup }} + command: + - docker-entrypoint.sh + args: + - agent + - -client + - 0.0.0.0 + - -enable-script-checks + - -retry-join + - {{ .Values.consulServer.nameOverride }} name: {{ include "common.name" . }} env: - name: SDNC_ODL_COUNT 
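Review bot: The init container chowns `/consul/config` to `.Values.consulUID`:`.Values.consulGID`, while the main container runs as `.Values.securityContext.runAsUser`/`runAsGroup`; these are independent values, so overriding one pair leaves the agent running under an ID that does not own its config. Using one source for both, for instance `chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.runAsGroup }} /consul/config`, removes that drift. The container `securityContext` sets only the IDs, so adding `runAsNonRoot: true` and `allowPrivilegeEscalation: false` would make the kubelet refuse a root UID instead of relying on the values file, which is not visible here. The agent args also keep `-client 0.0.0.0` together with `-enable-script-checks`, which lets checks registered over the HTTP API run commands in the container; `-enable-local-script-checks` limits execution to checks defined in local config files, if that is sufficient for this deployment. The container definition continues past the end of this hunk.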
@@ -55,14 +76,16 @@ spec: - name: SDNC_IS_PRIMARY_CLUSTER value: "{{ .Values.sdnc.config.isPrimaryCluster }}" volumeMounts: - - mountPath: /tmp/consul/config - name: consul-agent-config + - mountPath: /consul/config + name: consul-agent-config-dir - mountPath: /consul/scripts name: consul-agent-scripts-config - mountPath: /consul/certs name: consul-agent-certs-config resources: {{ include "common.resources" . | nindent 10 }} volumes: + - name: consul-agent-config-dir + emptyDir: {} - configMap: name: {{ include "common.fullname" . }}-configmap name: consul-agent-config |
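Review bot: The `/consul/config` volumeMount in the main container stays writable even though the init container has already copied and chowned the files into `consul-agent-config-dir`. If the agent only reads this directory at start-up (not confirmed from this hunk), adding `readOnly: true` to that mount would keep the running agent process from modifying the configuration and check definitions it loads. The new `emptyDir: {}` also has no `sizeLimit`, so a small cap would bound what the pod can write to node storage through it. The `volumes:` list continues outside the hunk.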