Code Review / oom.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Merge "[DMAAP] DMaaP ServiceMesh compatibility"
[oom.git] / kubernetes / dcaemod / components / dcaemod-genprocessor / templates / deployment.yaml
diff --git a/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/deployment.yaml
index 6b15abe..26f6586 100644 (file)
--- a/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/deployment.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 #============LICENSE_START========================================================
 # ================================================================================
 # Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
@@ -14,6 +15,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -24,9 +26,24 @@ spec:
   template:
     metadata: {{- include "common.templateMetadata" . | nindent 6 }}
     spec:
+      initContainers:
+        # apps run as uid 1000, gid 1000
+        # the volume is mounted with root permissions
+        # this initContainer changes ownership to uid 1000 gid 1000
+        # (tried using a securityContext in the pod spec, but it didn't seem to work)
+          - name: set-permissions
+            image: {{ include "repositoryGenerator.image.busybox" . }}
+            imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+            command:
+              - sh
+              - -c
+              - chown -R 1000:1000 /genprocessor-data
+            volumeMounts:
+            - mountPath: /genprocessor-data
+              name: genprocessor-data
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports: {{ include "common.containerPorts" . | nindent 12  }}
           {{- if eq .Values.liveness.enabled true }}
@@ -49,12 +66,13 @@ spec:
               name: genprocessor-data
           resources: {{ include "common.resources" . | nindent 12 }}
         - name: {{ include "common.name" . }}-http
-          image: "{{ include "common.repository" . }}/{{ .Values.httpImage }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.httpImage }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           volumeMounts:
             - mountPath: /www/data
               name: genprocessor-data
               readOnly: true
+      serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
       volumes:
       - name: genprocessor-data
         persistentVolumeClaim:
Introduces the ONAP Platform OOM (ONAP Operations Manager) to efficiently Deploy, Manage, Operate the ONAP platform and its components (e.g. MSO, DCAE, SDC, etc.) and infrastructure (VMs, Containers).