Run SDC pods as non-root

[oom.git] / kubernetes / sdc / charts / sdc-be / templates / job.yaml

diff --git a/kubernetes/sdc/charts/sdc-be/templates/job.yaml b/kubernetes/sdc/charts/sdc-be/templates/job.yaml
index 994c407..4b5ec51 100644 (file)
--- a/kubernetes/sdc/charts/sdc-be/templates/job.yaml
+++ b/kubernetes/sdc/charts/sdc-be/templates/job.yaml
@@ -53,7 +53,9 @@ spec:
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         volumeMounts:
         - name: {{ include "common.fullname" . }}-environments
-          mountPath: /root/chef-solo/environments/
+          mountPath: /home/sdc/chef-solo/environments/
+        - name: sdc-logs
+          mountPath: /var/lib/jetty/logs
         env:
         - name: ENVNAME
           value: {{ .Values.global.env.name }}
@@ -66,6 +68,8 @@ spec:
           configMap:
             name: {{ include "common.release" . }}-sdc-environments-configmap
             defaultMode: 0755
+        - name: sdc-logs
+          emptyDir: {}
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
       restartPolicy: Never