From 8d8c9b9333a8a00f16d74684e74632334198cb25 Mon Sep 17 00:00:00 2001
From: Jack Lucas <jflucas@research.att.com>
Date: Mon, 30 Mar 2020 15:56:46 -0400
Subject: Update MOD component versions

Use images that do not run as root

Issue-ID: DCAEGEN2-2170
Signed-off-by: Jack Lucas <jflucas@research.att.com>
Change-Id: I5766128c6005ba0087f8eb469e74386c4c9f310b
---
 .../dcaemod-genprocessor/templates/deployment.yaml        | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 'kubernetes/dcaemod/components/dcaemod-genprocessor/templates')

diff --git a/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/deployment.yaml
index 6b15abe909..a4afe05c95 100644
--- a/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/deployment.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/deployment.yaml
@@ -24,6 +24,21 @@ spec:
   template:
     metadata: {{- include "common.templateMetadata" . | nindent 6 }}
     spec:
+      initContainers:
+        # apps run as uid 1000, gid 1000
+        # the volume is mounted with root permissions
+        # this initContainer changes ownership to uid 1000 gid 1000
+        # (tried using a securityContext in the pod spec, but it didn't seem to work)
+          - name: set-permissions
+            image: busybox:latest
+            imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+            command:
+              - sh
+              - -c
+              - chown -R 1000:1000 /genprocessor-data
+            volumeMounts:
+            - mountPath: /genprocessor-data
+              name: genprocessor-data
       containers:
         - name: {{ include "common.name" . }}
           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
-- 
cgit 1.2.3-korg