X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fdcaemod%2Fcomponents%2Fdcaemod-genprocessor%2Ftemplates%2Fdeployment.yaml;h=26f6586688fe7050f66a663c59ddbdccd0a44320;hb=e4aac7a3c577b7bb9eaae93387d482f952ee4b72;hp=6b15abe9091fae25ca74ba78532465a4dccba7de;hpb=0cdf3ca3b4718191ef34cc855a78b0a187e5c86e;p=oom.git

diff --git a/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/deployment.yaml
index 6b15abe909..26f6586688 100644
--- a/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/deployment.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 # ================================================================================
 # Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
@@ -14,6 +15,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -24,9 +26,24 @@ spec:
   template:
     metadata: {{- include "common.templateMetadata" . | nindent 6 }}
     spec:
+      initContainers:
+        # apps run as uid 1000, gid 1000
+        # the volume is mounted with root permissions
+        # this initContainer changes ownership to uid 1000 gid 1000
+        # (tried using a securityContext in the pod spec, but it didn't seem to work)
+          - name: set-permissions
+            image: {{ include "repositoryGenerator.image.busybox" . }}
+            imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+            command:
+              - sh
+              - -c
+              - chown -R 1000:1000 /genprocessor-data
+            volumeMounts:
+            - mountPath: /genprocessor-data
+              name: genprocessor-data
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports: {{ include "common.containerPorts" . | nindent 12  }}
           {{- if eq .Values.liveness.enabled true }}
@@ -49,12 +66,13 @@ spec:
               name: genprocessor-data
           resources: {{ include "common.resources" . | nindent 12 }}
         - name: {{ include "common.name" . }}-http
-          image: "{{ include "common.repository" . }}/{{ .Values.httpImage }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.httpImage }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           volumeMounts:
             - mountPath: /www/data
               name: genprocessor-data
               readOnly: true
+      serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
       volumes:
       - name: genprocessor-data
         persistentVolumeClaim: