aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes/sdc
diff options
context:
space:
mode:
authorKrzysztof Kuzmicki <krzysztof.kuzmicki@nokia.com>2020-11-20 17:00:27 +0100
committerKrzysztof Kuzmicki <krzysztof.kuzmicki@nokia.com>2020-11-22 10:21:21 +0000
commit79b1d201a2027c5fc6deb441cf8d2999318083a1 (patch)
treebec4f371c7ed3a612a1f823e396e8a3a6146f9b3 /kubernetes/sdc
parent8c3f7856d4e6e9df0a35f090bfcbef8586937cf5 (diff)
[SDC] Bring back sdc onboarding volume mount permissions
Set the permissions of files in the sdc onboarding backend persistent volume for package certs to enable access by the process in the pod which now runs as non-root user (since SDC-2798) Withdrawal of part of the change I2c895a8d8e7c25e11a2a1e997735d2e7b2d258aa Commit https://gerrit.onap.org/r/c/oom/+/111513 Signed-off-by: Krzysztof Kuzmicki <krzysztof.kuzmicki@nokia.com> Issue-ID: SDC-3385 Change-Id: I627922f80728ebf1e42a0c9b39d0e95fa3f7ec7c
Diffstat (limited to 'kubernetes/sdc')
-rw-r--r--kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml21
1 files changed, 21 insertions, 0 deletions
diff --git a/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml
index 74757c7be2..9d14dfe5b5 100644
--- a/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml
+++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml
@@ -92,6 +92,27 @@ spec:
cpu: 3m
memory: 20Mi
{{- end }}
+ - name: volume-permissions
+ image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ args:
+ - "-c"
+ - |
+ chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} //onboard/cert
+ securityContext:
+ runAsUser: 0
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-cert-storage
+ mountPath: "/onboard/cert"
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"