From 8d8c9b9333a8a00f16d74684e74632334198cb25 Mon Sep 17 00:00:00 2001 From: Jack Lucas Date: Mon, 30 Mar 2020 15:56:46 -0400 Subject: Update MOD component versions Use images that do not run as root Issue-ID: DCAEGEN2-2170 Signed-off-by: Jack Lucas Change-Id: I5766128c6005ba0087f8eb469e74386c4c9f310b --- .../dcaemod-genprocessor/templates/deployment.yaml | 15 +++++++++++++++ .../dcaemod/components/dcaemod-genprocessor/values.yaml | 10 +++++----- 2 files changed, 20 insertions(+), 5 deletions(-) (limited to 'kubernetes/dcaemod/components/dcaemod-genprocessor') diff --git a/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/deployment.yaml index 6b15abe909..a4afe05c95 100644 --- a/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/deployment.yaml +++ b/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/deployment.yaml @@ -24,6 +24,21 @@ spec: template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: + initContainers: + # apps run as uid 1000, gid 1000 + # the volume is mounted with root permissions + # this initContainer changes ownership to uid 1000 gid 1000 + # (tried using a securityContext in the pod spec, but it didn't seem to work) + - name: set-permissions + image: busybox:latest + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - sh + - -c + - chown -R 1000:1000 /genprocessor-data + volumeMounts: + - mountPath: /genprocessor-data + name: genprocessor-data containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" diff --git a/kubernetes/dcaemod/components/dcaemod-genprocessor/values.yaml b/kubernetes/dcaemod/components/dcaemod-genprocessor/values.yaml index 7096a16a1b..37bb861235 100644 --- a/kubernetes/dcaemod/components/dcaemod-genprocessor/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-genprocessor/values.yaml @@ -30,26 +30,26 @@ global: enabled: false config: - onboardingAPIURL: http://dcaemod-onboarding-api/onboarding + onboardingAPIURL: http://dcaemod-onboarding-api:8080/onboarding # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.mod.genprocessor-job:1.0.0 -httpImage: onap/org.onap.dcaegen2.platform.mod.genprocessor-http:1.0.0 +image: onap/org.onap.dcaegen2.platform.mod.genprocessor-job:1.0.1 +httpImage: onap/org.onap.dcaegen2.platform.mod.genprocessor-http:1.0.1 service: type: ClusterIP name: dcaemod-genprocessor ports: - name: http - port: 80 + port: 8080 ingress: enabled: true service: - baseaddr: "nifi-jars" name: dcaemod-genprocessor - port: 80 + port: 8080 config: ssl: "none" -- cgit 1.2.3-korg