From 67970058e2fa63526ce867a6880c4402d8b736f5 Mon Sep 17 00:00:00 2001
From: "sunil.unnava" <sunil.unnava@att.com>
Date: Wed, 10 Apr 2019 13:09:52 -0400
Subject: run mr containers as non root user

Issue-ID: DMAAP-1040
Change-Id: I62d788b1245f94de6de58450933476fff576fc18
Signed-off-by: sunil.unnava <sunil.unnava@att.com>
---
 .../message-router-kafka/templates/statefulset.yaml       | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

(limited to 'kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml')

diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml
index cc8fd5a93c..5e964231de 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml
+++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml
@@ -70,6 +70,17 @@ spec:
         image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
+      - command:
+        -  sh
+        - -exec
+        - |
+          chown -R 1000:1000 /opt/kafka/data;
+        image: "{{ .Values.busyBoxRepository }}/{{ .Values.busyBoxImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        volumeMounts:
+        - mountPath: /opt/kafka/data
+          name: kafka-data
+        name: {{ include "common.name" . }}-permission-fixer
       containers:
       - name: {{ include "common.name" .  }}
         image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -124,7 +135,7 @@ spec:
         - name: aaf_locate_url
           value: "https://aaf-locate:8095"
         - name: KAFKA_LOG_DIRS
-          value: "kafka/logs"
+          value: "/opt/kafka/data"
         - name: KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR
           value: "{{ .Values.replicaCount }}"
         - name: KAFKA_DEFAULT_REPLICATION_FACTOR
@@ -137,7 +148,7 @@ spec:
           readOnly: true
         - mountPath: /var/run/docker.sock
           name: docker-socket
-        - mountPath: /kafka
+        - mountPath: /opt/kafka/data
           name: kafka-data
       {{- if .Values.tolerations }}
       tolerations:
-- 
cgit 1.2.3-korg