author | Krzysztof Opasiak <k.opasiak@samsung.com> | 2020-09-09 21:23:32 +0200 |
---|---|---|
committer | Krzysztof Opasiak <k.opasiak@samsung.com> | 2020-09-09 21:25:14 +0200 |
commit | 86a28cdb200f482bc9a2e1f281ec1c51938f6c2c (patch) | |
tree | eb5a8192627abdd9a2851a845079286167e501bf /kubernetes | |
parent | 7e1a8495095461843a13b39bf02571cf241defb8 (diff) |
[COMMON] Make mongo run as non-root
Use our helper template and k8s features to make mongodb run as a
non-root user as per Guilin requirements.
Issue-ID: DCAEGEN2-2424
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I44bc079a2cc49dc1b0f1da88e220290098e909d5
Diffstat (limited to 'kubernetes')
-rw-r--r-- | kubernetes/common/mongo/templates/statefulset.yaml | 6 | ||||
-rw-r--r-- | kubernetes/common/mongo/values.yaml | 4 |
2 files changed, 10 insertions, 0 deletions
diff --git a/kubernetes/common/mongo/templates/statefulset.yaml b/kubernetes/common/mongo/templates/statefulset.yaml
index 111bc80586..abc71b3133 100644
--- a/kubernetes/common/mongo/templates/statefulset.yaml
+++ b/kubernetes/common/mongo/templates/statefulset.yaml
@@ -36,10 +36,15 @@ spec:
 app: {{ include "common.name" . }}
 release: {{ include "common.release" . }}
 spec:
+{{ include "common.podSecurityContext" . | indent 6 }}
 containers:
 - name: {{ include "common.name" . }}
 image: "{{ .Values.dockerHubRepository }}/{{ .Values.image }}"
 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - docker-entrypoint.sh
+ args:
+ - --nounixsocket
 env:
 - name: MONGO_INITDB_DATABASE
 value: "{{ .Values.config.dbName }}"
@@ -68,6 +73,7 @@ spec:
 mountPath: /var/lib/mongo
 resources:
 {{ include "common.resources" . | indent 12 }}
+{{ include "common.containerSecurityContext" . | indent 10 }}
 {{- if .Values.nodeSelector }}
 nodeSelector:
 {{ toYaml .Values.nodeSelector | indent 10 }}
diff --git a/kubernetes/common/mongo/values.yaml b/kubernetes/common/mongo/values.yaml
index d272f706ea..d8988c3ae7 100644
--- a/kubernetes/common/mongo/values.yaml
+++ b/kubernetes/common/mongo/values.yaml
@@ -83,6 +83,10 @@ service:
 rpcbindPort: 111
 rpcbindUdpPort: 111
+securityContext:
+ user_id: 999
+ group_id: 999
+
 ingress:
 enabled: false |
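Review bot: The new `command`/`args` pair in the first statefulset.yaml hunk passes `--nounixsocket` with no explanation, so a later cleanup could drop it without knowing what breaks. A comment above `args:` should give the reason, for instance `# --nounixsocket: socket file cannot be created under the non-root securityContext` (that reason is inferred, please confirm it). Overriding `command` also assumes that the image named by `.Values.image` ships `docker-entrypoint.sh` on its PATH and that the script starts mongod when given only a flag. What `common.podSecurityContext` and `common.containerSecurityContext` render is not visible in these hunks, so it is worth confirming they set `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and an `fsGroup`. Without an `fsGroup`, data already written by root on the volume mounted at `/var/lib/mongo` may be unreadable after an upgrade.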
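Review bot: `user_id: 999` and `group_id: 999` in values.yaml are coupled to the account baked into the image selected by `.Values.image`, but nothing in the file records that. If the image is swapped or rebuilt with a different uid, mongod would presumably start as an account that does not own its data directory. A comment above the block such as `# uid/gid of the mongodb user inside the image; keep in sync with .Values.image` would document the dependency. Whether 999 matches the current image cannot be checked from this hunk.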