diff options
author | sunil.unnava <sunil.unnava@att.com> | 2019-04-10 13:09:52 -0400 |
---|---|---|
committer | sunil.unnava <sunil.unnava@att.com> | 2019-04-10 13:10:45 -0400 |
commit | 67970058e2fa63526ce867a6880c4402d8b736f5 (patch) | |
tree | 1cf5db7a3d4938af92c1d7d9d30b3de223a3eb76 /kubernetes/dmaap/components/message-router/charts | |
parent | a12e76d8b95ed9830dd3a5666ff7b2e14c46dd3b (diff) |
run mr containers as non root user
Issue-ID: DMAAP-1040
Change-Id: I62d788b1245f94de6de58450933476fff576fc18
Signed-off-by: sunil.unnava <sunil.unnava@att.com>
Diffstat (limited to 'kubernetes/dmaap/components/message-router/charts')
5 files changed, 25 insertions, 10 deletions
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml index cc8fd5a93c..5e964231de 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml @@ -70,6 +70,17 @@ spec: image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness + - command: + - sh + - -exec + - | + chown -R 1000:1000 /opt/kafka/data; + image: "{{ .Values.busyBoxRepository }}/{{ .Values.busyBoxImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /opt/kafka/data + name: kafka-data + name: {{ include "common.name" . }}-permission-fixer containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -124,7 +135,7 @@ spec: - name: aaf_locate_url value: "https://aaf-locate:8095" - name: KAFKA_LOG_DIRS - value: "kafka/logs" + value: "/opt/kafka/data" - name: KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR value: "{{ .Values.replicaCount }}" - name: KAFKA_DEFAULT_REPLICATION_FACTOR @@ -137,7 +148,7 @@ spec: readOnly: true - mountPath: /var/run/docker.sock name: docker-socket - - mountPath: /kafka + - mountPath: /opt/kafka/data name: kafka-data {{- if .Values.tolerations }} tolerations: diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml index 5b83bb0a55..9f92610502 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml @@ -30,9 +30,12 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/dmaap/kafka111:0.0.5 +image: onap/dmaap/kafka111:0.0.6 pullPolicy: Always ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 +busyBoxImage: busybox:1.30 +busyBoxRepository: docker.io + zookeeper: name: message-router-zookeeper diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-mirrormaker/values.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-mirrormaker/values.yaml index 2fbd884ab8..f630e9489b 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-mirrormaker/values.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-mirrormaker/values.yaml @@ -30,7 +30,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/dmaap/kafka111:0.0.5 +image: onap/dmaap/kafka111:0.0.6 pullPolicy: Always ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml index b2f9f13e67..6c15783c3d 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml @@ -58,18 +58,19 @@ spec: - /bin/bash - -c - > - if [ -d /tmp/topics/version-2 ]; then + if [ -d /tmp/zookeeper/topics/version-2 ]; then echo "nothing to do"; else - git clone -b {{ .Values.config.gerritBranch }} --single-branch {{ .Values.config.gerritProject }} /tmp/gerrit; - echo "Clone complete. Copying from /tmp/gerrit/oom-projects/data-zookeeper/* to /tmp/topics"; - cp -var /tmp/gerrit/oom-topics/data-zookeeper/* /tmp/topics; + git clone -b {{ .Values.config.gerritBranch }} --single-branch {{ .Values.config.gerritProject }} /tmp/zookeeper/gerrit; + echo "Clone complete. Copying from /tmp/zookeeper/gerrit/oom-projects/data-zookeeper/* to /tmp/zookeeper/topics"; + cp -var /tmp/zookeeper/gerrit/oom-topics/data-zookeeper/* /tmp/zookeeper/topics; + chown -R 1000:1000 /tmp/zookeeper/topics; echo "Done."; fi image: "{{ .Values.global.ubuntuInitRepository }}/{{ .Values.ubuntuInitImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - - mountPath: /tmp/topics + - mountPath: /tmp/zookeeper/topics name: zookeeper-data containers: - name: {{ include "common.name" . }} diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml index 37a1babe17..22daf946bb 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml @@ -30,7 +30,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/dmaap/zookeeper:3.0.0 +image: onap/dmaap/zookeeper:4.0.0 pullPolicy: Always ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 |