diff options
| author |   MichaelMorris <michael.morris@est.tech> | 2020-04-28 09:34:17 +0100 |
|---|---|---|
| committer | MichaelMorris <michael.morris@est.tech> | 2020-04-29 09:01:38 +0100 |
| commit | 276812c91c17e56f02760f2da657c598abbc881e (patch) | |
| tree | 61abff97ec143070d66660e4ffc4949f74756294 /kubernetes/sdc/charts/sdc-onboarding-be | |
| parent | f69c491ed06b017fe439ff8ff48ac896e93d0f52 (diff) | |
Set sdc onboarding volume mount permissions
Set the permissions of files in the sdc onboarding backend persistent volume for package certs to enable access by the process in the pod which now runs as non-root user (since SDC-2798)
Signed-off-by: MichaelMorris <michael.morris@est.tech>
Issue-ID: SDC-2981
Change-Id: I6113f14ca9933e2fec2b565768ed5afbe3c18f21
Diffstat (limited to 'kubernetes/sdc/charts/sdc-onboarding-be')
| -rw-r--r-- | kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml | 13 | ||||
| -rw-r--r-- | kubernetes/sdc/charts/sdc-onboarding-be/values.yaml | 3 |
2 files changed, 16 insertions, 0 deletions
diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml index 3db3685b86..108c781f54 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml +++ b/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml @@ -70,6 +70,19 @@ spec: mountPath: /config-input/ - name: sdc-environments-output mountPath: /config-output/ + - name: volume-permissions + image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /bin/sh + - -c + - | + chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} //onboard/cert + securityContext: + runAsUser: 0 + volumeMounts: + - name: {{ include "common.fullname" . }}-cert-storage + mountPath: "/onboard/cert" containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml index 946cb3491f..4cfebbf72f 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml @@ -103,6 +103,9 @@ cert: volumeReclaimPolicy: Retain mountSubPath: /sdc/onbaording/cert +securityContext: + fsGroup: 35953 + runAsUser: 352070 ingress: enabled: false |