Run SDC pods as non-root

Change-Id: Id8626c02f4c8bf3e1da406920169c0ed6bee457f Issue-ID: SDC-2798 Signed-off-by: MichaelMorris <michael.morris@est.tech>
author: MichaelMorris <michael.morris@est.tech> 2020-03-15 17:44:48 +0000
committer: Ofir Sonsino <ofir.sonsino@intl.att.com> 2020-03-22 10:26:38 +0000
commit: b137f7e426b7556a05d1222716d1870ce9dad72c (patch)
tree: ded0f60e0b3e4c7dde036887b407be9443ab37f3 /kubernetes/sdc/charts/sdc-be/templates
parent: 32f9aaa9b02da0cc442d83c5413684ddc9674381 (diff)
2 files changed, 7 insertions, 3 deletions
diff --git a/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml
index 1aa0010289..87fed417e6 100644
--- a/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml
+++ b/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml
@@ -80,7 +80,7 @@ spec:
           readinessProbe:
             exec:
               command:
-              - "/var/lib/ready-probe.sh"
+              - "/var/lib/jetty/ready-probe.sh"
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
             timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
@@ -99,7 +99,7 @@ spec:
                 fieldPath: status.podIP
           volumeMounts:
           - name: {{ include "common.fullname" . }}-environments
-            mountPath: /root/chef-solo/environments/
+            mountPath: /var/lib/jetty/chef-solo/environments/
           - name: {{ include "common.fullname" . }}-localtime
             mountPath: /etc/localtime
             readOnly: true
diff --git a/kubernetes/sdc/charts/sdc-be/templates/job.yaml b/kubernetes/sdc/charts/sdc-be/templates/job.yaml
index 994c407955..4b5ec51976 100644
--- a/kubernetes/sdc/charts/sdc-be/templates/job.yaml
+++ b/kubernetes/sdc/charts/sdc-be/templates/job.yaml
@@ -53,7 +53,9 @@ spec:
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         volumeMounts:
         - name: {{ include "common.fullname" . }}-environments
-          mountPath: /root/chef-solo/environments/
+          mountPath: /home/sdc/chef-solo/environments/
+        - name: sdc-logs
+          mountPath: /var/lib/jetty/logs
         env:
         - name: ENVNAME
           value: {{ .Values.global.env.name }}
@@ -66,6 +68,8 @@ spec:
           configMap:
             name: {{ include "common.release" . }}-sdc-environments-configmap
             defaultMode: 0755
+        - name: sdc-logs
+          emptyDir: {}
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
       restartPolicy: Never
author	MichaelMorris <michael.morris@est.tech>	2020-03-15 17:44:48 +0000
committer	Ofir Sonsino <ofir.sonsino@intl.att.com>	2020-03-22 10:26:38 +0000
commit	b137f7e426b7556a05d1222716d1870ce9dad72c (patch)
tree	ded0f60e0b3e4c7dde036887b407be9443ab37f3 /kubernetes/sdc/charts/sdc-be/templates
parent	32f9aaa9b02da0cc442d83c5413684ddc9674381 (diff)