X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fcommon%2Fmongo%2Ftemplates%2Fstatefulset.yaml;h=e156db27dbd55f09ce0d3f221ae3cbda5d9d0269;hb=e4aac7a3c577b7bb9eaae93387d482f952ee4b72;hp=ae373343d3b4239a46730c336cf8c5fca30f990e;hpb=e458f88788240c0bcf17e7085d5c1af488bc749c;p=oom.git

diff --git a/kubernetes/common/mongo/templates/statefulset.yaml b/kubernetes/common/mongo/templates/statefulset.yaml
index ae373343d3..e156db27db 100644
--- a/kubernetes/common/mongo/templates/statefulset.yaml
+++ b/kubernetes/common/mongo/templates/statefulset.yaml
@@ -14,7 +14,7 @@
 # limitations under the License.
 */}}
 
-apiVersion: apps/v1beta1
+apiVersion: apps/v1
 kind: StatefulSet
 metadata:
   name: {{ include "common.fullname" . }}
@@ -27,16 +27,43 @@ metadata:
 spec:
   serviceName: {{ .Values.service.name }}
   replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ include "common.name" . }}
   template:
     metadata:
       labels:
         app: {{ include "common.name" . }}
         release: {{ include "common.release" . }}
     spec:
+{{ include "common.podSecurityContext" . | indent 6 }}
+      imagePullSecrets:
+      - name: "{{ include "common.namespace" . }}-docker-registry-key"
+      initContainers:
+        # we shouldn't need this but for unknown reason, it's fsGroup is not
+        # applied
+        - name: fix-permission
+          command:
+            - /bin/sh
+          args:
+            - -c
+            - |
+              chown -R {{ .Values.securityContext.user_id }}:{{ .Values.securityContext.group_id }} /data
+          image: {{ include "repositoryGenerator.image.busybox" . }}
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          securityContext:
+            runAsUser: 0
+          volumeMounts:
+            - name: {{ include "common.fullname" . }}-data
+              mountPath: /data
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ .Values.dockerHubRepository }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          command:
+          - docker-entrypoint.sh
+          args:
+          - --nounixsocket
           env:
             - name: MONGO_INITDB_DATABASE
               value: "{{ .Values.config.dbName }}"
@@ -62,9 +89,9 @@ spec:
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           volumeMounts:
           - name: {{ include "common.fullname" . }}-data
-            mountPath: /var/lib/mongo
-          resources:
-{{ include "common.resources" . | indent 12 }}
+            mountPath: /data/db
+          resources: {{ include "common.resources" . | nindent 12 }}
+{{ include "common.containerSecurityContext" . | indent 10 }}
         {{- if .Values.nodeSelector }}
         nodeSelector:
 {{ toYaml .Values.nodeSelector | indent 10 }}