Code Review / oom.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
[CONSUL] Make consul run as non-root
[oom.git] / kubernetes / consul / charts / consul-server / templates / statefulset.yaml
diff --git a/kubernetes/consul/charts/consul-server/templates/statefulset.yaml b/kubernetes/consul/charts/consul-server/templates/statefulset.yaml
index d572ec2..872ef13 100644 (file)
--- a/kubernetes/consul/charts/consul-server/templates/statefulset.yaml
+++ b/kubernetes/consul/charts/consul-server/templates/statefulset.yaml
@@ -42,10 +42,11 @@ spec:
       containers:
       - name: {{ include "common.name" . }}
         image: "{{ include "common.repository" . }}/{{ .Values.image }}"
-        command:
-        - sh
+        securityContext:
+          runAsUser: {{ .Values.securityContext.runAsUser }}
+          runAsGroup: {{ .Values.securityContext.runAsGroup }}
+        command: ["/usr/local/bin/docker-entrypoint.sh"]
         args:
-        - /usr/local/bin/docker-entrypoint.sh
         - "agent"
         - "-bootstrap-expect={{ .Values.replicaCount }}"
         - "-enable-script-checks"
Introduces the ONAP Platform OOM (ONAP Operations Manager) to efficiently Deploy, Manage, Operate the ONAP platform and its components (e.g. MSO, DCAE, SDC, etc.) and infrastructure (VMs, Containers).