Run SDC pods as non-root
diff --git
a/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml
b/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml
index
ee5f78b
..
75779a3
100644
(file)
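--- a/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml
+++ b/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml
@@ -21,7 +21,7 @@ metadata:
  labels:
  app: {{ include "common.name" . }}
  chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
+ release: {{ include "common.release" . }}
  heritage: {{ .Release.Service }}
  spec:
  replicas: {{ .Values.replicaCount }}
@@ -29,7 +29,7 @@ spec:
  metadata:
  labels:
  app: {{ include "common.name" . }}
- release: {{ .Release.Name }}
+ release: {{ include "common.release" . }}
  spec:
  initContainers:
  - name: {{ include "common.name" . }}-job-completion
@@ -39,7 +39,7 @@ spec:
  - /root/job_complete.py
  args:
  - --job-name
- - {{ .Release.Name }}-sdc-onboarding-be-cassandra-init
+ - {{ include "common.release" . }}-sdc-onboarding-be-cassandra-init
  env:
  - name: NAMESPACE
  valueFrom:
@@ -55,17 +55,20 @@ spec:
  - containerPort: {{ .Values.service.internalPort2 }}
  {{ if eq .Values.liveness.enabled true }}
  livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
+ exec:
+ command:
+ - "/var/lib/jetty/ready-probe.sh"
  initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
  periodSeconds: {{ .Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
  {{ end }}
  readinessProbe:
  exec:
  command:
- - "/var/lib/ready-probe.sh"
+ - "/var/lib/jetty/ready-probe.sh"
  initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
  periodSeconds: {{ .Values.readiness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
  resources:
  {{ include "common.resources" . | indent 12 }}
  env:
@@ -83,13 +86,15 @@ spec:
  fieldPath: status.podIP
  - name: SDC_USER
  valueFrom:
- secretKeyRef: {name: {{ .Release.Name }}-sdc-cs-secrets, key: sdc_user}
+ secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_user}
  - name: SDC_PASSWORD
  valueFrom:
- secretKeyRef: {name: {{ .Release.Name }}-sdc-cs-secrets, key: sdc_password}
+ secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_password}
+ - name: SDC_CERT_DIR
+ value: {{ .Values.cert.certDir }}
  volumeMounts:
  - name: {{ include "common.fullname" . }}-environments
- mountPath: /root/chef-solo/environments/
+ mountPath: /var/lib/jetty/chef-solo/environments/
  - name: {{ include "common.fullname" . }}-localtime
  mountPath: /etc/localtime
  readOnly: true
@@ -98,6 +103,8 @@ spec:
  - name: {{ include "common.fullname" . }}-logback
  mountPath: /tmp/logback.xml
  subPath: logback.xml
+ - name: {{ include "common.fullname" . }}-cert-storage
+ mountPath: "{{ .Values.cert.certDir }}"
  lifecycle:
  postStart:
  exec:
@@ -120,7 +127,7 @@ spec:
  path: /etc/localtime
  - name: {{ include "common.fullname" . }}-filebeat-conf
  configMap:
- name: {{ .Release.Name }}-sdc-filebeat-configmap
+ name: {{ include "common.release" . }}-sdc-filebeat-configmap
  - name: {{ include "common.fullname" . }}-data-filebeat
  emptyDir: {}
  - name: {{ include "common.fullname" . }}-logback
@@ -128,9 +135,12 @@ spec:
  name : {{ include "common.fullname" . }}-logging-configmap
  - name: {{ include "common.fullname" . }}-environments
  configMap:
- name: {{ .Release.Name }}-sdc-environments-configmap
+ name: {{ include "common.release" . }}-sdc-environments-configmap
  defaultMode: 0755
  - name: {{ include "common.fullname" . }}-logs
  emptyDir: {}
+ - name: {{ include "common.fullname" . }}-cert-storage
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}-cert
  imagePullSecrets:
  - name: "{{ include "common.namespace" . }}-docker-registry-key"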
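Review bot: Nothing in the visible hunks makes the pod spec enforce the non-root user that the commit title promises: paths move from `/root` to `/var/lib/jetty`, but no `securityContext` is added, so the UID presumably still comes from the image and a later image change could silently bring root back. Consider adding `securityContext: {runAsNonRoot: true, allowPrivilegeEscalation: false}` on the container, plus a pod-level `fsGroup` if the new `cert-storage` claim has to be writable by the non-root user, unless this is already set in a part of the template outside these hunks. Separately, in the `-55,17 +55,20` hunk the readinessProbe takes its `timeoutSeconds` from `.Values.liveness.timeoutSeconds`; that looks like a copy-paste slip and should probably read `.Values.readiness.timeoutSeconds`.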