summaryrefslogtreecommitdiffstats
path: root/kubernetes
diff options
context:
space:
mode:
authorKrzysztof Opasiak <k.opasiak@samsung.com>2020-09-09 21:23:32 +0200
committerKrzysztof Opasiak <k.opasiak@samsung.com>2020-09-09 21:25:14 +0200
commit86a28cdb200f482bc9a2e1f281ec1c51938f6c2c (patch)
treeeb5a8192627abdd9a2851a845079286167e501bf /kubernetes
parent7e1a8495095461843a13b39bf02571cf241defb8 (diff)
[COMMON] Make mongo run as non-root
Use our helper template and k8s features to make mongodb run as a non-root user as per Guiling requirements. Issue-ID: DCAEGEN2-2424 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I44bc079a2cc49dc1b0f1da88e220290098e909d5
Diffstat (limited to 'kubernetes')
-rw-r--r--kubernetes/common/mongo/templates/statefulset.yaml6
-rw-r--r--kubernetes/common/mongo/values.yaml4
2 files changed, 10 insertions, 0 deletions
diff --git a/kubernetes/common/mongo/templates/statefulset.yaml b/kubernetes/common/mongo/templates/statefulset.yaml
index 111bc80586..abc71b3133 100644
--- a/kubernetes/common/mongo/templates/statefulset.yaml
+++ b/kubernetes/common/mongo/templates/statefulset.yaml
@@ -36,10 +36,15 @@ spec:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
+{{ include "common.podSecurityContext" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: "{{ .Values.dockerHubRepository }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - docker-entrypoint.sh
+ args:
+ - --nounixsocket
env:
- name: MONGO_INITDB_DATABASE
value: "{{ .Values.config.dbName }}"
@@ -68,6 +73,7 @@ spec:
mountPath: /var/lib/mongo
resources:
{{ include "common.resources" . | indent 12 }}
+{{ include "common.containerSecurityContext" . | indent 10 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
diff --git a/kubernetes/common/mongo/values.yaml b/kubernetes/common/mongo/values.yaml
index d272f706ea..d8988c3ae7 100644
--- a/kubernetes/common/mongo/values.yaml
+++ b/kubernetes/common/mongo/values.yaml
@@ -83,6 +83,10 @@ service:
rpcbindPort: 111
rpcbindUdpPort: 111
+securityContext:
+ user_id: 999
+ group_id: 999
+
ingress:
enabled: false