From b137f7e426b7556a05d1222716d1870ce9dad72c Mon Sep 17 00:00:00 2001
From: MichaelMorris
Date: Sun, 15 Mar 2020 17:44:48 +0000
Subject: Run SDC pods as non-root

Change-Id: Id8626c02f4c8bf3e1da406920169c0ed6bee457f
Issue-ID: SDC-2798
Signed-off-by: MichaelMorris
---
 kubernetes/sdc/charts/sdc-be/templates/deployment.yaml | 4 ++--
 kubernetes/sdc/charts/sdc-be/templates/job.yaml | 6 +++++-
 2 files changed, 7 insertions(+), 3 deletions(-)
(limited to 'kubernetes/sdc/charts/sdc-be/templates')

diff --git a/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml
index 1aa0010289..87fed417e6 100644
--- a/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml
+++ b/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml
@@ -80,7 +80,7 @@ spec:
 readinessProbe:
 exec:
 command:
- - "/var/lib/ready-probe.sh"
+ - "/var/lib/jetty/ready-probe.sh"
 initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
 periodSeconds: {{ .Values.readiness.periodSeconds }}
 timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
@@ -99,7 +99,7 @@ spec:
 fieldPath: status.podIP
 volumeMounts:
 - name: {{ include "common.fullname" . }}-environments
- mountPath: /root/chef-solo/environments/
+ mountPath: /var/lib/jetty/chef-solo/environments/
 - name: {{ include "common.fullname" . }}-localtime
 mountPath: /etc/localtime
 readOnly: true
diff --git a/kubernetes/sdc/charts/sdc-be/templates/job.yaml b/kubernetes/sdc/charts/sdc-be/templates/job.yaml
index 994c407955..4b5ec51976 100644
--- a/kubernetes/sdc/charts/sdc-be/templates/job.yaml
+++ b/kubernetes/sdc/charts/sdc-be/templates/job.yaml
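Review bot: In deployment.yaml the readiness command `- "/var/lib/jetty/ready-probe.sh"` now lives under /var/lib/jetty, the same tree the second hunk uses for the chef-solo mount, so the directory is presumably writable by the non-root runtime user. If the script itself is writable by that user, the process being probed can alter its own health check; it is worth confirming that the image installs ready-probe.sh owned by root and read-only for the runtime user. The path is also tied to the new image layout, so a comment above the command such as `# requires an image that ships ready-probe.sh under /var/lib/jetty` would record that coupling. The container spec starts and ends outside the hunk.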
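Review bot: Nothing in the visible deployment.yaml hunks makes Kubernetes enforce the non-root requirement named in the commit title; `mountPath: /var/lib/jetty/chef-solo/environments/` only follows the image's new home directory. The rest of the pod spec is outside the hunk and the page is limited to this templates directory, so a `securityContext` may exist elsewhere, but if the user is set only in the image, a later image built to run as root would start without any error. Adding a container `securityContext:` with `runAsNonRoot: true` and `allowPrivilegeEscalation: false` would turn that regression into a start-up failure. The same applies to the container in job.yaml.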
@@ -53,7 +53,9 @@ spec:
 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
 volumeMounts:
 - name: {{ include "common.fullname" . }}-environments
- mountPath: /root/chef-solo/environments/
+ mountPath: /home/sdc/chef-solo/environments/
+ - name: sdc-logs
+ mountPath: /var/lib/jetty/logs
 env:
 - name: ENVNAME
 value: {{ .Values.global.env.name }}
@@ -66,6 +68,8 @@ spec:
 configMap:
 name: {{ include "common.release" . }}-sdc-environments-configmap
 defaultMode: 0755
+ - name: sdc-logs
+ emptyDir: {}
 imagePullSecrets:
 - name: "{{ include "common.namespace" . }}-docker-registry-key"
 restartPolicy: Never
-- 
cgit 1.2.3-korg
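Review bot: The two mounts added in this job.yaml hunk assume different directory roots, `mountPath: /home/sdc/chef-solo/environments/` and `mountPath: /var/lib/jetty/logs`, while deployment.yaml places the environments under /var/lib/jetty. That may be correct if the job image runs as a different user than the backend image, but nothing in the template says so, and a wrong path here fails only at run time. A comment above `volumeMounts` would make the assumption reviewable, for example `# init image runs as user sdc (home /home/sdc) and writes its logs to /var/lib/jetty/logs`, with the wording confirmed against the image first. The container spec starts outside the hunk.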
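Review bot: The new `sdc-logs` volume is declared as `emptyDir: {}` with no `sizeLimit`, so unless an ephemeral-storage limit is set outside the hunk, nothing in this template bounds how much node disk the job's logs can take. Consider an `emptyDir:` mapping with `sizeLimit: <limit>`, the value chosen for this job. The volume is also deleted together with the pod, so anything written only to /var/lib/jetty/logs is gone once the finished job pod is removed. If those logs are needed for troubleshooting or audit, they should also go to stdout or to a persistent volume.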