Run SDC pods as non-root

[oom.git] / kubernetes / sdc / charts / sdc-be / templates / deployment.yaml

diff --git a/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml
index 2d47f4b..87fed41 100644 (file)
--- a/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml
+++ b/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml
@@ -21,7 +21,7 @@ metadata:
   labels:
     app: {{ include "common.name" . }}
     chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ .Release.Name }}
+    release: {{ include "common.release" . }}
     heritage: {{ .Release.Service }}
 spec:
   replicas: {{ .Values.replicaCount }}
@@ -29,7 +29,7 @@ spec:
     metadata:
       labels:
         app: {{ include "common.name" . }}
-        release: {{ .Release.Name }}
+        release: {{ include "common.release" . }}
     spec:
       initContainers:
       - name: {{ include "common.name" . }}-readiness
@@ -53,7 +53,7 @@ spec:
         - /root/job_complete.py
         args:
         - --job-name
-        - {{ .Release.Name }}-sdc-onboarding-be-cassandra-init
+        - {{ include "common.release" . }}-sdc-onboarding-be-cassandra-init
         env:
         - name: NAMESPACE
           valueFrom:
@@ -70,8 +70,9 @@ spec:
           {{ if eq .Values.liveness.enabled true }}
           livenessProbe:
             httpGet:
-              path: /sdc2/rest/version
-              port: {{ .Values.service.internalPort2 }}
+              path: /sdc2/rest/healthCheck
+              port: {{ .Values.service.internalPort }}
+              scheme: HTTPS
             initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
             periodSeconds: {{ .Values.liveness.periodSeconds }}
             timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
@@ -79,7 +80,7 @@ spec:
           readinessProbe:
             exec:
               command:
-              - "/var/lib/ready-probe.sh"
+              - "/var/lib/jetty/ready-probe.sh"
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
             timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
@@ -98,7 +99,7 @@ spec:
                 fieldPath: status.podIP
           volumeMounts:
           - name: {{ include "common.fullname" . }}-environments
-            mountPath: /root/chef-solo/environments/
+            mountPath: /var/lib/jetty/chef-solo/environments/
           - name: {{ include "common.fullname" . }}-localtime
             mountPath: /etc/localtime
             readOnly: true
@@ -129,7 +130,7 @@ spec:
           path: /etc/localtime
       - name: {{ include "common.fullname" . }}-filebeat-conf
         configMap:
-          name: {{ .Release.Name }}-sdc-filebeat-configmap
+          name: {{ include "common.release" . }}-sdc-filebeat-configmap
       - name: {{ include "common.fullname" . }}-data-filebeat
         emptyDir: {}
       - name: {{ include "common.fullname" . }}-logback
@@ -137,7 +138,7 @@ spec:
           name : {{ include "common.fullname" . }}-logging-configmap
       - name: {{ include "common.fullname" . }}-environments
         configMap:
-          name: {{ .Release.Name }}-sdc-environments-configmap
+          name: {{ include "common.release" . }}-sdc-environments-configmap
           defaultMode: 0755
       - name:  {{ include "common.fullname" . }}-logs
         emptyDir: {}