diff options
9 files changed, 29 insertions, 7 deletions
diff --git a/kubernetes/a1policymanagement/requirements.yaml b/kubernetes/a1policymanagement/requirements.yaml index ba5f5d5ea3..401f2e3c9f 100644 --- a/kubernetes/a1policymanagement/requirements.yaml +++ b/kubernetes/a1policymanagement/requirements.yaml @@ -24,3 +24,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/a1policymanagement/templates/statefulset.yaml b/kubernetes/a1policymanagement/templates/statefulset.yaml index 54ee1515bc..1d25f31e7f 100644 --- a/kubernetes/a1policymanagement/templates/statefulset.yaml +++ b/kubernetes/a1policymanagement/templates/statefulset.yaml @@ -106,6 +106,7 @@ spec: - name: {{ include "common.fullname" . }} mountPath: "/var/policy-management-service/database" resources: {{ include "common.resources" . | nindent 10 }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: {{ include "common.fullname" . }}-policy-conf-input configMap: diff --git a/kubernetes/a1policymanagement/values.yaml b/kubernetes/a1policymanagement/values.yaml index 4768349736..0f7c00d235 100644 --- a/kubernetes/a1policymanagement/values.yaml +++ b/kubernetes/a1policymanagement/values.yaml @@ -159,4 +159,8 @@ persistence: mountPath: /dockerdata-nfs mountSubPath: nonrtric/policymanagementservice - +#Pods Service Account +serviceAccount: + nameOverride: a1policymanagement + roles: + - read diff --git a/kubernetes/aai/components/aai-schema-service/values.yaml b/kubernetes/aai/components/aai-schema-service/values.yaml index 18ef89f1fd..252df407c1 100644 --- a/kubernetes/aai/components/aai-schema-service/values.yaml +++ b/kubernetes/aai/components/aai-schema-service/values.yaml @@ -74,7 +74,7 @@ global: # global defaults - aai_keystore # application image -image: onap/aai-schema-service:1.9.1 +image: onap/aai-schema-service:1.9.2 pullPolicy: Always restartPolicy: Always flavorOverride: small diff --git a/kubernetes/common/timescaledb/templates/statefulset.yaml b/kubernetes/common/timescaledb/templates/statefulset.yaml index 9b63de434d..435c925eb2 100644 --- a/kubernetes/common/timescaledb/templates/statefulset.yaml +++ b/kubernetes/common/timescaledb/templates/statefulset.yaml @@ -31,6 +31,18 @@ spec: serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . ) }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} + initContainers: + - name: chowm-mount-path + command: + - /bin/sh + args: + - -c + - chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.runAsGroup }} /var/lib/postgresql/data + image: {{ include "repositoryGenerator.image.busybox" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /var/lib/postgresql/data + name: {{ include "common.fullname" . }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }} diff --git a/kubernetes/common/timescaledb/values.yaml b/kubernetes/common/timescaledb/values.yaml index b6d2face3a..55acd92847 100644 --- a/kubernetes/common/timescaledb/values.yaml +++ b/kubernetes/common/timescaledb/values.yaml @@ -40,13 +40,15 @@ serviceAccount: podSecurityContext: {} # fsGroup: 2000 -securityContext: {} +securityContext: + # Uid and gid to run the entrypoint of the container process (uid 70 is postgres user and gid 70 is postgres group) + runAsUser: 70 + runAsGroup: 70 # capabilities: # drop: # - ALL # readOnlyRootFilesystem: true # runAsNonRoot: true - # runAsUser: 1000 resources: # We usually recommend not to specify default resources and to leave this as a conscious diff --git a/kubernetes/msb/components/msb-discovery/values.yaml b/kubernetes/msb/components/msb-discovery/values.yaml index e981bbd091..f0eabde79f 100644 --- a/kubernetes/msb/components/msb-discovery/values.yaml +++ b/kubernetes/msb/components/msb-discovery/values.yaml @@ -21,7 +21,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/msb/msb_discovery:1.2.7 +image: onap/msb/msb_discovery:1.3.0 pullPolicy: Always istioSidecar: true diff --git a/kubernetes/msb/components/msb-eag/values.yaml b/kubernetes/msb/components/msb-eag/values.yaml index 0a343cf925..ef36b13742 100644 --- a/kubernetes/msb/components/msb-eag/values.yaml +++ b/kubernetes/msb/components/msb-eag/values.yaml @@ -52,7 +52,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/msb/msb_apigateway:1.2.8 +image: onap/msb/msb_apigateway:1.3.0 pullPolicy: Always istioSidecar: true diff --git a/kubernetes/msb/components/msb-iag/values.yaml b/kubernetes/msb/components/msb-iag/values.yaml index baf2bec4bc..4610232e7b 100644 --- a/kubernetes/msb/components/msb-iag/values.yaml +++ b/kubernetes/msb/components/msb-iag/values.yaml @@ -52,7 +52,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/msb/msb_apigateway:1.2.8 +image: onap/msb/msb_apigateway:1.3.0 pullPolicy: Always istioSidecar: true |