Code Review
/
oom.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
review
|
tree
raw
|
inline
| side by side
Run SDC pods as non-root
[oom.git]
/
kubernetes
/
sdc
/
charts
/
sdc-be
/
templates
/
deployment.yaml
diff --git
a/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml
b/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml
index
063e2d8
..
87fed41
100644
(file)
--- a/
kubernetes/sdc/charts/sdc-be/templates/deployment.yaml
+++ b/
kubernetes/sdc/charts/sdc-be/templates/deployment.yaml
@@
-21,7
+21,7
@@
metadata:
labels:
app: {{ include "common.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
labels:
app: {{ include "common.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{
.Release.Name
}}
+ release: {{
include "common.release" .
}}
heritage: {{ .Release.Service }}
spec:
replicas: {{ .Values.replicaCount }}
heritage: {{ .Release.Service }}
spec:
replicas: {{ .Values.replicaCount }}
@@
-29,7
+29,7
@@
spec:
metadata:
labels:
app: {{ include "common.name" . }}
metadata:
labels:
app: {{ include "common.name" . }}
- release: {{
.Release.Name
}}
+ release: {{
include "common.release" .
}}
spec:
initContainers:
- name: {{ include "common.name" . }}-readiness
spec:
initContainers:
- name: {{ include "common.name" . }}-readiness
@@
-53,7
+53,7
@@
spec:
- /root/job_complete.py
args:
- --job-name
- /root/job_complete.py
args:
- --job-name
- - {{
.Release.Name
}}-sdc-onboarding-be-cassandra-init
+ - {{
include "common.release" .
}}-sdc-onboarding-be-cassandra-init
env:
- name: NAMESPACE
valueFrom:
env:
- name: NAMESPACE
valueFrom:
@@
-69,18
+69,21
@@
spec:
- containerPort: {{ .Values.service.internalPort2 }}
{{ if eq .Values.liveness.enabled true }}
livenessProbe:
- containerPort: {{ .Values.service.internalPort2 }}
{{ if eq .Values.liveness.enabled true }}
livenessProbe:
- exec:
- command:
- - "/var/lib/ready-probe.sh"
+ httpGet:
+ path: /sdc2/rest/healthCheck
+ port: {{ .Values.service.internalPort }}
+ scheme: HTTPS
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
{{ end }}
readinessProbe:
exec:
command:
{{ end }}
readinessProbe:
exec:
command:
- - "/var/lib/ready-probe.sh"
+ - "/var/lib/
jetty/
ready-probe.sh"
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
+ timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
resources:
{{ include "common.resources" . | indent 12 }}
env:
resources:
{{ include "common.resources" . | indent 12 }}
env:
@@
-96,7
+99,7
@@
spec:
fieldPath: status.podIP
volumeMounts:
- name: {{ include "common.fullname" . }}-environments
fieldPath: status.podIP
volumeMounts:
- name: {{ include "common.fullname" . }}-environments
- mountPath: /
root
/chef-solo/environments/
+ mountPath: /
var/lib/jetty
/chef-solo/environments/
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
@@
-127,7
+130,7
@@
spec:
path: /etc/localtime
- name: {{ include "common.fullname" . }}-filebeat-conf
configMap:
path: /etc/localtime
- name: {{ include "common.fullname" . }}-filebeat-conf
configMap:
- name: {{
.Release.Name
}}-sdc-filebeat-configmap
+ name: {{
include "common.release" .
}}-sdc-filebeat-configmap
- name: {{ include "common.fullname" . }}-data-filebeat
emptyDir: {}
- name: {{ include "common.fullname" . }}-logback
- name: {{ include "common.fullname" . }}-data-filebeat
emptyDir: {}
- name: {{ include "common.fullname" . }}-logback
@@
-135,7
+138,7
@@
spec:
name : {{ include "common.fullname" . }}-logging-configmap
- name: {{ include "common.fullname" . }}-environments
configMap:
name : {{ include "common.fullname" . }}-logging-configmap
- name: {{ include "common.fullname" . }}-environments
configMap:
- name: {{
.Release.Name
}}-sdc-environments-configmap
+ name: {{
include "common.release" .
}}-sdc-environments-configmap
defaultMode: 0755
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
defaultMode: 0755
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}