Set the permissions of files in the sdc onboarding backend persistent volume for package certs to enable access by the process in the pod which now runs as non-root user (since SDC-2798)
Withdrawal of part of the change I2c895a8d8e7c25e11a2a1e997735d2e7b2d258aa
Commit https://gerrit.onap.org/r/c/oom/+/111513
Signed-off-by: Krzysztof Kuzmicki <krzysztof.kuzmicki@nokia.com>
Issue-ID: SDC-3385
Change-Id: I627922f80728ebf1e42a0c9b39d0e95fa3f7ec7c
cpu: 3m
memory: 20Mi
{{- end }}
cpu: 3m
memory: 20Mi
{{- end }}
+ - name: volume-permissions
+ image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ args:
+ - "-c"
+ - |
+ chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} //onboard/cert
+ securityContext:
+ runAsUser: 0
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-cert-storage
+ mountPath: "/onboard/cert"
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"