Merge "Allow dr-node containers to run as non-root"

[oom.git] / kubernetes / dmaap / components / dmaap-dr-node / templates / statefulset.yaml

diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
index 3e0e69e..a508886 100644 (file)
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
@@ -45,6 +45,15 @@ spec:
               fieldRef:
                 apiVersion: v1
                 fieldPath: metadata.namespace
+        - name: {{ include "common.name" . }}-permission-fixer
+          image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          volumeMounts:
+          - mountPath: {{ .Values.persistence.spoolPath }}
+            name: {{ include "common.fullname" . }}-spool-data-pvc
+          - mountPath: {{ .Values.persistence.eventLogsPath }}
+            name: {{ include "common.fullname" . }}-event-logs-pvc
+          command: ["chown","-Rf","1000:1001", "/opt/app/datartr"]
       containers:
         - name: {{ include "common.name" . }}
           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -73,14 +82,17 @@ spec:
             name: localtime
             readOnly: false
           - mountPath: /opt/app/datartr/etc/dedicatedFeed.json
+            name: {{ include "common.fullname" . }}-create-feed-config
             subPath: dedicatedFeed.json
-            name: create-feed
           - mountPath: /opt/app/datartr/etc/createFeed.sh
+            name: {{ include "common.fullname" . }}-create-feed-config
             subPath: createFeed.sh
-            name: create-feed
           - mountPath: /opt/app/datartr/etc/node.properties
+            name: {{ include "common.fullname" . }}-config
             subPath: node.properties
-            name: node-props
+          - mountPath: /opt/app/datartr/etc/drNodeCadi.properties
+            name: {{ include "common.fullname" . }}-config
+            subPath: drNodeCadi.properties
           lifecycle:
             postStart:
               exec:
@@ -97,7 +109,7 @@ spec:
 {{ toYaml .Values.affinity | indent 10 }}
         {{- end }}
         # Filebeat sidecar container
-        - name: {{ include "common.fullname" . }}-filebeat-onap
+        - name: {{ include "common.name" . }}-filebeat-onap
           image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           volumeMounts:
@@ -114,19 +126,29 @@ spec:
         - name: localtime
           hostPath:
             path: /etc/localtime
-        - name: create-feed
+        - name: {{ include "common.fullname" . }}-create-feed-config
           configMap:
             name: {{ include "common.fullname" . }}-create-feed-configmap
             defaultMode: 0755
-        - name: node-props
+            items:
+            - key: createFeed.sh
+              path: createFeed.sh
+            - key: dedicatedFeed.json
+              path: dedicatedFeed.json
+        - name: {{ include "common.fullname" . }}-config
           configMap:
-            name: {{ include "common.fullname" . }}-node-props-configmap
+            name: {{ include "common.fullname" . }}-configmap
+            items:
+            - key: node.properties
+              path: node.properties
+            - key: drNodeCadi.properties
+              path: drNodeCadi.properties
         - name: {{ include "common.fullname" . }}-log-conf
           configMap:
             name: {{ include "common.fullname" . }}-log
         - name: {{ include "common.fullname" . }}-filebeat-conf
           configMap:
-            name: {{ include "common.fullname" . }}-dmaap-filebeat-configmap
+            name: {{ .Release.Name }}-dmaap-filebeat-configmap
         - name: {{ include "common.fullname" . }}-data-filebeat
           emptyDir: {}
         - name:  {{ include "common.fullname" . }}-event-logs-pvc