Code Review / oom.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
[CONSUL] Make consul run as non-root
[oom.git] / kubernetes / consul / templates / deployment.yaml
diff --git a/kubernetes/consul/templates/deployment.yaml b/kubernetes/consul/templates/deployment.yaml
index 6f1c579..eece2b7 100644 (file)
--- a/kubernetes/consul/templates/deployment.yaml
+++ b/kubernetes/consul/templates/deployment.yaml
@@ -41,7 +41,7 @@ spec:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
       initContainers:
       - name: {{ include "common.name" . }}-chown
-        image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+        image: "{{ include "common.repository" . }}/{{ .Values.image }}"
         command:
         - sh
         args:
@@ -56,11 +56,13 @@ spec:
         - mountPath: /consul/config
           name: consul-agent-config-dir
       containers:
-      - image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+      - image: {{ include "common.repository" . }}/{{ .Values.image }}
+        securityContext:
+          runAsUser: {{ .Values.securityContext.runAsUser }}
+          runAsGroup: {{ .Values.securityContext.runAsGroup }}
         command:
-        - sh
+        - docker-entrypoint.sh
         args:
-        - /usr/local/bin/docker-entrypoint.sh
         - agent
         - -client
         - 0.0.0.0
Introduces the ONAP Platform OOM (ONAP Operations Manager) to efficiently Deploy, Manage, Operate the ONAP platform and its components (e.g. MSO, DCAE, SDC, etc.) and infrastructure (VMs, Containers).