- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
- name: {{ include "common.fullname" . }}
mountPath: "/var/policy-management-service/database"
resources: {{ include "common.resources" . | nindent 10 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: {{ include "common.fullname" . }}-policy-conf-input
configMap:
mountPath: /dockerdata-nfs
mountSubPath: nonrtric/policymanagementservice
-
+#Pods Service Account
+serviceAccount:
+ nameOverride: a1policymanagement
+ roles:
+ - read
- aai_keystore
# application image
-image: onap/aai-schema-service:1.9.1
+image: onap/aai-schema-service:1.9.2
pullPolicy: Always
restartPolicy: Always
flavorOverride: small
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . ) }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
+ initContainers:
+ - name: chowm-mount-path
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.runAsGroup }} /var/lib/postgresql/data
+ image: {{ include "repositoryGenerator.image.busybox" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /var/lib/postgresql/data
+ name: {{ include "common.fullname" . }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
podSecurityContext: {}
# fsGroup: 2000
-securityContext: {}
+securityContext:
+ # Uid and gid to run the entrypoint of the container process (uid 70 is postgres user and gid 70 is postgres group)
+ runAsUser: 70
+ runAsGroup: 70
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
- # runAsUser: 1000
resources:
# We usually recommend not to specify default resources and to leave this as a conscious
# Application configuration defaults.
#################################################################
# application image
-image: onap/msb/msb_discovery:1.2.7
+image: onap/msb/msb_discovery:1.3.0
pullPolicy: Always
istioSidecar: true
# Application configuration defaults.
#################################################################
# application image
-image: onap/msb/msb_apigateway:1.2.8
+image: onap/msb/msb_apigateway:1.3.0
pullPolicy: Always
istioSidecar: true
# Application configuration defaults.
#################################################################
# application image
-image: onap/msb/msb_apigateway:1.2.8
+image: onap/msb/msb_apigateway:1.3.0
pullPolicy: Always
istioSidecar: true