run mr containers as non root user

Issue-ID: DMAAP-1040 Change-Id: I62d788b1245f94de6de58450933476fff576fc18 Signed-off-by: sunil.unnava <sunil.unnava@att.com>
author: sunil.unnava <sunil.unnava@att.com> 2019-04-10 13:09:52 -0400
committer: sunil.unnava <sunil.unnava@att.com> 2019-04-10 13:10:45 -0400
commit: 67970058e2fa63526ce867a6880c4402d8b736f5 (patch)
tree: 1cf5db7a3d4938af92c1d7d9d30b3de223a3eb76 /kubernetes/dmaap/components/message-router/charts/message-router-kafka
parent: a12e76d8b95ed9830dd3a5666ff7b2e14c46dd3b (diff)
2 files changed, 17 insertions, 3 deletions
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml
index cc8fd5a93c..5e964231de 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml
+++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml
@@ -70,6 +70,17 @@ spec:
         image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
+      - command:
+        -  sh
+        - -exec
+        - |
+          chown -R 1000:1000 /opt/kafka/data;
+        image: "{{ .Values.busyBoxRepository }}/{{ .Values.busyBoxImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        volumeMounts:
+        - mountPath: /opt/kafka/data
+          name: kafka-data
+        name: {{ include "common.name" . }}-permission-fixer
       containers:
       - name: {{ include "common.name" .  }}
         image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -124,7 +135,7 @@ spec:
         - name: aaf_locate_url
           value: "https://aaf-locate:8095"
         - name: KAFKA_LOG_DIRS
-          value: "kafka/logs"
+          value: "/opt/kafka/data"
         - name: KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR
           value: "{{ .Values.replicaCount }}"
         - name: KAFKA_DEFAULT_REPLICATION_FACTOR
@@ -137,7 +148,7 @@ spec:
           readOnly: true
         - mountPath: /var/run/docker.sock
           name: docker-socket
-        - mountPath: /kafka
+        - mountPath: /opt/kafka/data
           name: kafka-data
       {{- if .Values.tolerations }}
       tolerations:
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml
index 5b83bb0a55..9f92610502 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml
+++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml
@@ -30,9 +30,12 @@ global:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/dmaap/kafka111:0.0.5
+image: onap/dmaap/kafka111:0.0.6
 pullPolicy: Always
 ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
+busyBoxImage: busybox:1.30
+busyBoxRepository: docker.io
+
 
 zookeeper:
   name: message-router-zookeeper
author	sunil.unnava <sunil.unnava@att.com>	2019-04-10 13:09:52 -0400
committer	sunil.unnava <sunil.unnava@att.com>	2019-04-10 13:10:45 -0400
commit	67970058e2fa63526ce867a6880c4402d8b736f5 (patch)
tree	1cf5db7a3d4938af92c1d7d9d30b3de223a3eb76 /kubernetes/dmaap/components/message-router/charts/message-router-kafka
parent	a12e76d8b95ed9830dd3a5666ff7b2e14c46dd3b (diff)