diff options
author | MichaelMorris <michael.morris@est.tech> | 2020-03-15 17:44:48 +0000 |
---|---|---|
committer | Ofir Sonsino <ofir.sonsino@intl.att.com> | 2020-03-22 10:26:38 +0000 |
commit | b137f7e426b7556a05d1222716d1870ce9dad72c (patch) | |
tree | ded0f60e0b3e4c7dde036887b407be9443ab37f3 /kubernetes/sdc/charts/sdc-be/templates | |
parent | 32f9aaa9b02da0cc442d83c5413684ddc9674381 (diff) |
Run SDC pods as non-root
Change-Id: Id8626c02f4c8bf3e1da406920169c0ed6bee457f
Issue-ID: SDC-2798
Signed-off-by: MichaelMorris <michael.morris@est.tech>
Diffstat (limited to 'kubernetes/sdc/charts/sdc-be/templates')
-rw-r--r-- | kubernetes/sdc/charts/sdc-be/templates/deployment.yaml | 4 | ||||
-rw-r--r-- | kubernetes/sdc/charts/sdc-be/templates/job.yaml | 6 |
2 files changed, 7 insertions, 3 deletions
diff --git a/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml index 1aa0010289..87fed417e6 100644 --- a/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml +++ b/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml @@ -80,7 +80,7 @@ spec: readinessProbe: exec: command: - - "/var/lib/ready-probe.sh" + - "/var/lib/jetty/ready-probe.sh" initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} @@ -99,7 +99,7 @@ spec: fieldPath: status.podIP volumeMounts: - name: {{ include "common.fullname" . }}-environments - mountPath: /root/chef-solo/environments/ + mountPath: /var/lib/jetty/chef-solo/environments/ - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime readOnly: true diff --git a/kubernetes/sdc/charts/sdc-be/templates/job.yaml b/kubernetes/sdc/charts/sdc-be/templates/job.yaml index 994c407955..4b5ec51976 100644 --- a/kubernetes/sdc/charts/sdc-be/templates/job.yaml +++ b/kubernetes/sdc/charts/sdc-be/templates/job.yaml @@ -53,7 +53,9 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: {{ include "common.fullname" . }}-environments - mountPath: /root/chef-solo/environments/ + mountPath: /home/sdc/chef-solo/environments/ + - name: sdc-logs + mountPath: /var/lib/jetty/logs env: - name: ENVNAME value: {{ .Values.global.env.name }} @@ -66,6 +68,8 @@ spec: configMap: name: {{ include "common.release" . }}-sdc-environments-configmap defaultMode: 0755 + - name: sdc-logs + emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" restartPolicy: Never |