Diffstat (limited to 'kubernetes/common')
-rw-r--r--kubernetes/common/cassandra/resources/config/docker-entrypoint.sh2
-rw-r--r--kubernetes/common/certInitializer/templates/job.yaml4
-rw-r--r--kubernetes/common/common/templates/_secret.tpl11
-rwxr-xr-xkubernetes/common/music/resources/config/startup.sh4
-rw-r--r--kubernetes/common/postgres/configs/setup.sql6
-rw-r--r--kubernetes/common/timescaledb/resources/init/init-schema.sh2
-rw-r--r--kubernetes/common/timescaledb/templates/statefulset.yaml12
-rw-r--r--kubernetes/common/timescaledb/values.yaml6
8 files changed, 36 insertions, 11 deletions
diff --git a/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh b/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh
index 2d30f2e068..4dcebc8883 100644
--- a/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh
+++ b/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
set -e
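Review bot: Switching the interpreter to `#!/bin/sh` is only safe if the rest of the script is POSIX sh, and the body lies outside this hunk, so that cannot be confirmed from the diff. Because the script runs under `set -e`, any bash-only construct left in it (`[[ ]]`, arrays, `set -o pipefail`) would abort the entrypoint at start-up on images where `/bin/sh` is dash or busybox ash. The same shebang change is made in `music/resources/config/startup.sh` and `timescaledb/resources/init/init-schema.sh`; all three should be checked with `shellcheck --shell=sh` before merging.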
diff --git a/kubernetes/common/certInitializer/templates/job.yaml b/kubernetes/common/certInitializer/templates/job.yaml
index 331a58c310..2acb423511 100644
--- a/kubernetes/common/certInitializer/templates/job.yaml
+++ b/kubernetes/common/certInitializer/templates/job.yaml
@@ -20,12 +20,13 @@ kind: Job
{{- $suffix := "set-tls-secret" }}
metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
spec:
+ backoffLimit: 20
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers: {{ include "common.certInitializer.initContainer" (dict "dot" . "initRoot" .Values) | nindent 6 }}
containers:
- - name: create tls secret
+ - name: create-tls-secret
command:
- /ingress/onboard.sh
image: {{ include "repositoryGenerator.image.kubectl" . }}
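Review bot: `backoffLimit: 20` is hard-coded and the Job has no `activeDeadlineSeconds`, so a persistent failure (for example, the kubectl call presumably made by `/ingress/onboard.sh` being denied) is retried twenty times with back-off before the Job is reported as failed. Together with `restartPolicy: Never`, added in the next hunk, every retry is a fresh pod that re-runs the cert initializer init container, and the failed pods stay until the Job is removed. Consider reading the limit from values, e.g. `backoffLimit: {{ .Values.backoffLimit | default 20 }}`, and adding a bounded `activeDeadlineSeconds` so a broken TLS-secret bootstrap surfaces promptly.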
@@ -41,4 +42,5 @@ spec:
configMap:
name: {{ include "common.fullname" . }}-ingress
defaultMode: 0777
+ restartPolicy: Never
{{- end}}
diff --git a/kubernetes/common/common/templates/_secret.tpl b/kubernetes/common/common/templates/_secret.tpl
index 2490debffb..9d284de500 100644
--- a/kubernetes/common/common/templates/_secret.tpl
+++ b/kubernetes/common/common/templates/_secret.tpl
@@ -193,7 +193,7 @@ type: Opaque
{{- $entry := dict }}
{{- $uid := tpl (default "" $secret.uid) $global }}
{{- $keys := keys $secret }}
- {{- range $key := (without $keys "annotations" "filePaths" )}}
+ {{- range $key := (without $keys "annotations" "filePaths" "envs" )}}
{{- $_ := set $entry $key (tpl (index $secret $key) $global) }}
{{- end }}
{{- if $secret.annotations }}
@@ -213,12 +213,21 @@ type: Opaque
{{- $_ := set $entry "filePaths" $secret.filePaths }}
{{- end }}
{{- end }}
+ {{- if $secret.envs }}
+ {{- $envsCache := (list) }}
+ {{- range $env := $secret.envs }}
+ {{- $tplValue := tpl (default "" $env.value) $global }}
+ {{- $envsCache = append $envsCache (dict "name" $env.name "policy" $env.policy "value" $tplValue) }}
+ {{- end }}
+ {{- $_ := set $entry "envs" $envsCache }}
+ {{- end }}
{{- $realName := default (include "common.secret.genNameFast" (dict "global" $global "uid" $uid "name" $entry.name) ) $entry.externalSecret }}
{{- $_ := set $entry "realName" $realName }}
{{- $_ := set $secretCache $uid $entry }}
{{- end }}
{{- $_ := set $global.Values "_secretsCache" $secretCache }}
{{- end }}
+
{{- end -}}
{{/*
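Review bot: In the new `envs` loop, `$env.name` and `$env.policy` are copied into the cache unchecked, so an entry with a missing or misspelled `name` yields a record with a nil name that is only noticed, if at all, when a consumer renders it. `tpl` also expects a string, so a credential written unquoted as a number in values would break rendering with an unhelpful type error. I would add a guard such as `{{- $_ := required "secret env entry needs a name" $env.name }}` and coerce the value with `tpl (default "" $env.value | toString) $global`. A one-line comment on the `without $keys … "envs"` line in the previous hunk, saying that `envs` appears to be a list and so cannot go through `tpl` directly, would help; the enclosing define starts outside both hunks.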
diff --git a/kubernetes/common/music/resources/config/startup.sh b/kubernetes/common/music/resources/config/startup.sh
index e3cee36f1f..eb84b084d0 100755
--- a/kubernetes/common/music/resources/config/startup.sh
+++ b/kubernetes/common/music/resources/config/startup.sh
@@ -1,6 +1,6 @@
-#!/bin/bash
+#!/bin/sh
+
{{/*
-#
# ============LICENSE_START==========================================
# org.onap.music
# ===================================================================
diff --git a/kubernetes/common/postgres/configs/setup.sql b/kubernetes/common/postgres/configs/setup.sql
index f60b473242..b564e4cec1 100644
--- a/kubernetes/common/postgres/configs/setup.sql
+++ b/kubernetes/common/postgres/configs/setup.sql
@@ -32,9 +32,9 @@ CREATE EXTENSION IF NOT EXISTS pgaudit;
CREATE SCHEMA IF NOT EXISTS "${PG_USER}";
CREATE TABLE IF NOT EXISTS "${PG_USER}".testtable (
- name varchar(30) PRIMARY KEY,
- value varchar(50) NOT NULL,
- updatedt timestamp NOT NULL
+ name varchar(30) PRIMARY KEY,
+ value varchar(50) NOT NULL,
+ updatedt timestamp NOT NULL
);
INSERT INTO "${PG_USER}".testtable (name, value, updatedt) VALUES ('CPU', '256', now());
diff --git a/kubernetes/common/timescaledb/resources/init/init-schema.sh b/kubernetes/common/timescaledb/resources/init/init-schema.sh
index ab83cffae2..9cc0f5ff9f 100644
--- a/kubernetes/common/timescaledb/resources/init/init-schema.sh
+++ b/kubernetes/common/timescaledb/resources/init/init-schema.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
# ============LICENSE_START=======================================================
# Copyright (c) 2021 Bell Canada.
diff --git a/kubernetes/common/timescaledb/templates/statefulset.yaml b/kubernetes/common/timescaledb/templates/statefulset.yaml
index 9b63de434d..435c925eb2 100644
--- a/kubernetes/common/timescaledb/templates/statefulset.yaml
+++ b/kubernetes/common/timescaledb/templates/statefulset.yaml
@@ -31,6 +31,18 @@ spec:
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . ) }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
+ initContainers:
+ - name: chowm-mount-path
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.runAsGroup }} /var/lib/postgresql/data
+ image: {{ include "repositoryGenerator.image.busybox" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /var/lib/postgresql/data
+ name: {{ include "common.fullname" . }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
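Review bot: The new init container sets no `securityContext` of its own, and its name `chowm-mount-path` looks like a typo for `name: chown-mount-path`. A recursive `chown` only succeeds when the container runs as root with the needed capabilities, so the pod now depends on the busybox image's default user and on whatever `.Values.podSecurityContext` injects. Under a pod-level `runAsUser`/`runAsNonRoot` or a restricted admission policy it will fail, and elsewhere it quietly adds a root container to the pod. Setting `fsGroup` in `podSecurityContext` (already hinted at as a comment in values.yaml) would let the kubelet adjust volume group ownership without a root step. If the init container stays, give it an explicit, minimal `securityContext` and wrap the two ids in `required` so an unset value fails at render time instead of producing an empty owner in the `chown` command.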
diff --git a/kubernetes/common/timescaledb/values.yaml b/kubernetes/common/timescaledb/values.yaml
index b6d2face3a..55acd92847 100644
--- a/kubernetes/common/timescaledb/values.yaml
+++ b/kubernetes/common/timescaledb/values.yaml
@@ -40,13 +40,15 @@ serviceAccount:
podSecurityContext: {}
# fsGroup: 2000
-securityContext: {}
+securityContext:
+ # Uid and gid to run the entrypoint of the container process (uid 70 is postgres user and gid 70 is postgres group)
+ runAsUser: 70
+ runAsGroup: 70
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
- # runAsUser: 1000
resources:
# We usually recommend not to specify default resources and to leave this as a conscious
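Review bot: With a fixed non-root uid/gid now set, the hardening keys left commented underneath (`runAsNonRoot: true`, `capabilities` with `drop: ALL`) could be enabled by default instead of staying as hints. Assuming the template applies `.Values.securityContext` to the main container, the chart pins the user but still keeps default capabilities and does not refuse a root override. The statefulset's new init container also reads these two values for its `chown`, so the comment should say that they must match the postgres uid/gid of the image actually deployed. Whether 70 holds for every supported image is not visible from this diff.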