From 4d9f35fc0c9c437b00335a75bd0201572ebfa544 Mon Sep 17 00:00:00 2001 From: econwar Date: Tue, 16 Apr 2019 08:02:13 +0000 Subject: Allow dr-node containers to run as non-root Update image version to 2.1.0 that has year long certs Change-Id: If17c569c6db879b6fcee9221307560a54f9cb422 Issue-ID: DMAAP-1134 Signed-off-by: econwar --- .../components/dmaap-dr-node/resources/config/node.properties | 6 +++--- .../dmaap/components/dmaap-dr-node/templates/statefulset.yaml | 9 +++++++++ kubernetes/dmaap/components/dmaap-dr-node/values.yaml | 4 +++- 3 files changed, 15 insertions(+), 4 deletions(-) (limited to 'kubernetes/dmaap/components/dmaap-dr-node') diff --git a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties index f2896ccafa..08e3fd0018 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties +++ b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties @@ -83,11 +83,11 @@ KeyStoreFile=/opt/app/datartr/aaf_certs/org.onap.dmaap-dr.jks # # The password for the https keystore # -KeyStorePassword=]3V)($O&.Mv]W{f8^]6SxGNL +KeyStorePassword=WGxd2P6MDo*Bi4+UdzWs{?$8 # # The password for the private key in the https keystore # -KeyPassword=]3V)($O&.Mv]W{f8^]6SxGNL +KeyPassword=WGxd2P6MDo*Bi4+UdzWs{?$8 # # The type of truststore for https # @@ -99,7 +99,7 @@ TrustStoreFile=/opt/app/datartr/aaf_certs/org.onap.dmaap-dr.trust.jks # # The password for the https truststore # -TrustStorePassword=(Rd,&{]%ePdp}4JZjqoJ2G+g +TrustStorePassword=)OBvCd{e{aWq.^mJJdX:S:1& # # The path to the file used to trigger an orderly shutdown # diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml index ec31f3f750..de3324fe19 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml @@ -45,6 +45,15 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + - name: {{ include "common.name" . }}-permission-fixer + image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: {{ .Values.persistence.spoolPath }} + name: {{ include "common.fullname" . }}-spool-data-pvc + - mountPath: {{ .Values.persistence.eventLogsPath }} + name: {{ include "common.fullname" . }}-event-logs-pvc + command: ["chown","-Rf","1000:1001", "/opt/app/datartr"] containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" diff --git a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml index c6087e8852..3b1532f999 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml @@ -21,13 +21,15 @@ global: loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 loggingDirectory: /opt/app/datartr/logs + busyBoxImage: busybox:1.30 + busyBoxRepository: docker.io ################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/dmaap/datarouter-node:2.0.2 +image: onap/dmaap/datarouter-node:2.1.0 pullPolicy: Always # flag to enable debugging - application support required -- cgit 1.2.3-korg