8 files changed, 59 insertions, 17 deletions

diff --git a/kubernetes/consul/Chart.yaml b/kubernetes/consul/Chart.yaml
index b9a330af5a..88acea9548 100644
--- a/kubernetes/consul/Chart.yaml
+++ b/kubernetes/consul/Chart.yaml
@@ -16,4 +16,4 @@
 apiVersion: v1
 description: ONAP Consul Agent
 name: consul
-version: 6.0.0
+version: 7.0.0
diff --git a/kubernetes/consul/charts/consul-server/Chart.yaml b/kubernetes/consul/charts/consul-server/Chart.yaml
index a50afa552c..8a94ed5b68 100644
--- a/kubernetes/consul/charts/consul-server/Chart.yaml
+++ b/kubernetes/consul/charts/consul-server/Chart.yaml
@@ -16,4 +16,4 @@
 apiVersion: v1
 description: ONAP Consul Server
 name: consul-server
-version: 6.0.0
+version: 7.0.0
diff --git a/kubernetes/consul/charts/consul-server/requirements.yaml b/kubernetes/consul/charts/consul-server/requirements.yaml
index d3c442d32e..6963d207e7 100644
--- a/kubernetes/consul/charts/consul-server/requirements.yaml
+++ b/kubernetes/consul/charts/consul-server/requirements.yaml
@@ -15,7 +15,7 @@
 
 dependencies:
   - name: common
-    version: ~6.x-0
+    version: ~7.x-0
     # local reference to common chart, as it is
     # a part of this chart's package and will not
     # be published independently to a repo (at this point)
diff --git a/kubernetes/consul/charts/consul-server/templates/statefulset.yaml b/kubernetes/consul/charts/consul-server/templates/statefulset.yaml
index 882e98fea3..16fda3a510 100644
--- a/kubernetes/consul/charts/consul-server/templates/statefulset.yaml
+++ b/kubernetes/consul/charts/consul-server/templates/statefulset.yaml
@@ -41,7 +41,10 @@ spec:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
       containers:
       - name: {{ include "common.name" . }}
-        image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+        securityContext:
+          runAsUser: {{ .Values.securityContext.runAsUser }}
+          runAsGroup: {{ .Values.securityContext.runAsGroup }}
         command: ["/usr/local/bin/docker-entrypoint.sh"]
         args:
         - "agent"
diff --git a/kubernetes/consul/charts/consul-server/values.yaml b/kubernetes/consul/charts/consul-server/values.yaml
index 0039aa6654..48a26effd7 100644
--- a/kubernetes/consul/charts/consul-server/values.yaml
+++ b/kubernetes/consul/charts/consul-server/values.yaml
@@ -17,12 +17,13 @@
 #################################################################
 global:
   nodePortPrefix: 302
+  repository: nexus3.onap.org:10001
 
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
-image: consul:1.0.6
+image: onap/oom/consul:2.1.0
 pullPolicy: Always
 
 # flag to enable debugging - application support required
@@ -86,3 +87,8 @@ resources:
       cpu: 1
       memory: 2Gi
   unlimited: {}
+
+securityContext:
+  fsGroup: 1000
+  runAsUser: 100
+  runAsGroup: 1000
diff --git a/kubernetes/consul/requirements.yaml b/kubernetes/consul/requirements.yaml
index 0b77abe706..2161e6e16e 100644
--- a/kubernetes/consul/requirements.yaml
+++ b/kubernetes/consul/requirements.yaml
@@ -15,11 +15,11 @@
 
 dependencies:
   - name: common
-    version: ~6.x-0
+    version: ~7.x-0
     # local reference to common chart, as it is
     # a part of this chart's package and will not
     # be published independently to a repo (at this point)
     repository: '@local'
   - name: repositoryGenerator
-    version: ~6.x-0
+    version: ~7.x-0
     repository: '@local'
diff --git a/kubernetes/consul/templates/deployment.yaml b/kubernetes/consul/templates/deployment.yaml
index be15ecbca6..31546abd49 100644
--- a/kubernetes/consul/templates/deployment.yaml
+++ b/kubernetes/consul/templates/deployment.yaml
@@ -39,15 +39,36 @@ spec:
     spec:
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
-      containers:
-      - image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
+      initContainers:
+      - name: {{ include "common.name" . }}-chown
+        image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
         command:
-        - /bin/sh
-        - "-c"
+        - sh
+        args:
+        - -c
         - |
-          apk update && apk add jq
-          cp /tmp/consul/config/* /consul/config
-          /usr/local/bin/docker-entrypoint.sh agent -client 0.0.0.0 -enable-script-checks -retry-join {{ .Values.consulServer.nameOverride }}
+          cp -r -L /tmp/consul/config/* /consul/config/
+          chown -R {{ .Values.consulUID }}:{{ .Values.consulGID }} /consul/config
+          ls -la /consul/config
+        volumeMounts:
+        - mountPath: /tmp/consul/config
+          name: consul-agent-config
+        - mountPath: /consul/config
+          name: consul-agent-config-dir
+      containers:
+      - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+        securityContext:
+          runAsUser: {{ .Values.securityContext.runAsUser }}
+          runAsGroup: {{ .Values.securityContext.runAsGroup }}
+        command:
+        - docker-entrypoint.sh
+        args:
+        - agent
+        - -client
+        - 0.0.0.0
+        - -enable-script-checks
+        - -retry-join
+        - {{ .Values.consulServer.nameOverride }}
         name: {{ include "common.name" . }}
         env:
           - name: SDNC_ODL_COUNT
@@ -55,14 +76,16 @@ spec:
           - name: SDNC_IS_PRIMARY_CLUSTER
             value: "{{ .Values.sdnc.config.isPrimaryCluster }}"
         volumeMounts:
-        - mountPath: /tmp/consul/config
-          name: consul-agent-config
+        - mountPath: /consul/config
+          name: consul-agent-config-dir
         - mountPath: /consul/scripts
           name: consul-agent-scripts-config
         - mountPath: /consul/certs
           name: consul-agent-certs-config
         resources: {{ include "common.resources" . | nindent 10 }}
       volumes:
+      - name: consul-agent-config-dir
+        emptyDir: {}
       - configMap:
           name: {{ include "common.fullname" . }}-configmap
         name: consul-agent-config
diff --git a/kubernetes/consul/values.yaml b/kubernetes/consul/values.yaml
index faebd8db52..639e4eb7af 100644
--- a/kubernetes/consul/values.yaml
+++ b/kubernetes/consul/values.yaml
@@ -17,18 +17,23 @@
 #################################################################
 global:
   nodePortPrefix: 302
+  busyboxRepository: registry.hub.docker.com
+  busyboxImage: library/busybox:latest
 
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
-image: oomk8s/consul:1.0.0
+image: onap/oom/consul:2.1.0
 pullPolicy: Always
 
 #subchart name
 consulServer:
   nameOverride: consul-server
 
+consulUID: 100
+consulGID: 1000
+
 # flag to enable debugging - application support required
 debugEnabled: false
 
@@ -99,3 +104,8 @@ sdnc:
   config:
     isPrimaryCluster: true
   replicaCount: 1
+
+securityContext:
+  fsGroup: 1000
+  runAsUser: 100
+  runAsGroup: 1000