5 files changed, 64 insertions, 6 deletions

diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml
index 6decff2463..af08ea3d58 100644
--- a/kubernetes/common/mariadb-galera/values.yaml
+++ b/kubernetes/common/mariadb-galera/values.yaml
@@ -129,7 +129,7 @@ ingress:
 ## Configure MariaDB-Galera with a custom my.cnf file
 ## ref: https://mariadb.com/kb/en/mariadb/configuring-mariadb-with-mycnf/#example-of-configuration-file
 ##
-externalConfig: {}
+externalConfig: ""
 # externalConfig: |-
   # [mysqld]
   # innodb_buffer_pool_size=2G
diff --git a/kubernetes/common/postgres/values.yaml b/kubernetes/common/postgres/values.yaml
index 10f9405de6..a5a416329b 100644
--- a/kubernetes/common/postgres/values.yaml
+++ b/kubernetes/common/postgres/values.yaml
@@ -58,9 +58,9 @@ pullPolicy: Always
 config:
   pgUserName: testuser
   pgDatabase: userdb
-  pgPrimaryPassword: password
-  pgUserPassword: password
-  pgRootPassword: password
+  # pgPrimaryPassword: password
+  # pgUserPassword: password
+  # pgRootPassword: password
 
 container:
   name:
diff --git a/kubernetes/esr/charts/esr-gui/templates/deployment.yaml b/kubernetes/esr/charts/esr-gui/templates/deployment.yaml
index 9319485ddf..9c70d327d7 100644
--- a/kubernetes/esr/charts/esr-gui/templates/deployment.yaml
+++ b/kubernetes/esr/charts/esr-gui/templates/deployment.yaml
@@ -31,6 +31,27 @@ spec:
         app: {{ include "common.name" . }}
         release: {{ include "common.release" . }}
     spec:
+      securityContext:
+        runAsUser: 1000
+        runAsGroup: 1001
+        fsGroup: 1001
+      initContainers:
+      - command:
+        - cp
+        args:
+        - -r
+        - -T
+        - /home/esr/tomcat
+        - /opt/tomcat
+        securityContext:
+          privileged: true
+        image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        name: create-tomcat-dir
+        volumeMounts:
+        - name: tomcat-workdir
+          mountPath: /opt/tomcat
+
       containers:
         - name: {{ include "common.name" . }}
           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -54,15 +75,23 @@ spec:
           env:
             - name: MSB_ADDR
               value: {{ tpl .Values.msbaddr . }}
+          volumeMounts:
+            - name: tomcat-workdir
+              mountPath: /home/esr/tomcat/
           resources:
 {{ include "common.resources" . | indent 12 }}
         {{- if .Values.nodeSelector }}
-        nodeSelector:
+          nodeSelector:
 {{ toYaml .Values.nodeSelector | indent 10 }}
         {{- end -}}
         {{- if .Values.affinity }}
-        affinity:
+          affinity:
 {{ toYaml .Values.affinity | indent 10 }}
         {{- end }}
+
+      volumes:
+      - name: tomcat-workdir
+        emptyDir: {}
+
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/esr/charts/esr-server/templates/deployment.yaml b/kubernetes/esr/charts/esr-server/templates/deployment.yaml
index d6704285d0..995a409d8a 100644
--- a/kubernetes/esr/charts/esr-server/templates/deployment.yaml
+++ b/kubernetes/esr/charts/esr-server/templates/deployment.yaml
@@ -31,6 +31,27 @@ spec:
         app: {{ include "common.name" . }}
         release: {{ include "common.release" . }}
     spec:
+      securityContext:
+        runAsUser: 1000
+        runAsGroup: 1001
+        fsGroup: 1001
+      initContainers:
+      - command:
+        - cp
+        args:
+        - -r
+        - -T
+        - /home/esr/conf
+        - /opt/conf
+        securityContext:
+          privileged: true
+        image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        name: create-conf-dir
+        volumeMounts:
+        - name: conf-dir
+          mountPath: /opt/conf
+
       containers:
         - name: {{ .Chart.Name }}
           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -60,6 +81,8 @@ spec:
             readOnly: true
           - mountPath: /home/esr/works/logs
             name: {{ include "common.fullname" . }}-logs
+          - mountPath: /home/esr/conf
+            name: conf-dir
           resources:
 {{ include "common.resources" . | indent 12 }}
         {{- if .Values.nodeSelector }}
@@ -72,6 +95,9 @@ spec:
         {{- end }}
         # Filebeat sidecar container
         - name: {{ include "common.name" . }}-filebeat-onap
+          securityContext:
+            runAsUser: 1000
+            runAsGroup: 1000
           image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           volumeMounts:
@@ -99,5 +125,8 @@ spec:
           emptyDir: {}
         - name:  {{ include "common.fullname" . }}-logs
           emptyDir: {}
+        - name: conf-dir
+          emptyDir: {}
+
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/robot b/kubernetes/robot
-Subproject 4a50a3b035623ab285263a9ebed5d98f33bc65f
+Subproject fc6143a31ef4a55d649f8e5384f661671274331