[SDC] Bring back sdc onboarding volume mount permissions 16/115216/2
author Krzysztof Kuzmicki <krzysztof.kuzmicki@nokia.com>
Fri, 20 Nov 2020 16:00:27 +0000 (17:00 +0100)
committer Krzysztof Kuzmicki <krzysztof.kuzmicki@nokia.com>
Sun, 22 Nov 2020 10:21:21 +0000 (10:21 +0000)
Set the permissions of files in the sdc onboarding backend persistent volume for package certs to enable access by the process in the pod, which now runs as a non-root user (since SDC-2798).
Withdrawal of part of the change I2c895a8d8e7c25e11a2a1e997735d2e7b2d258aa
Commit https://gerrit.onap.org/r/c/oom/+/111513

Signed-off-by: Krzysztof Kuzmicki <krzysztof.kuzmicki@nokia.com>
Issue-ID: SDC-3385
Change-Id: I627922f80728ebf1e42a0c9b39d0e95fa3f7ec7c

kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml

index 74757c7..9d14dfe 100644 (file)
@@ -92,6 +92,27 @@ spec:
             cpu: 3m
             memory: 20Mi
       {{- end }}
+      - name: volume-permissions
+        image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        command:
+          - sh
+        args:
+          - "-c"
+          - |
+            chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} //onboard/cert
+        securityContext:
+          runAsUser: 0
+        volumeMounts:
+          - name: {{ include "common.fullname" . }}-cert-storage
+            mountPath: "/onboard/cert"
+        resources:
+          limits:
+            cpu: 100m
+            memory: 100Mi
+          requests:
+            cpu: 3m
+            memory: 20Mi
       containers:
         - name: {{ include "common.name" . }}
           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
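
Review bot: The `volume-permissions` init container sets `runAsUser: 0` and nothing else in its `securityContext`, so a change made to support a non-root main process puts a root container with the runtime's default capability set back into the pod. Consider adding `allowPrivilegeEscalation: false` and dropping all capabilities except the ones the recursive chown needs (CHOWN, plus DAC_OVERRIDE only if existing directories under the mount are not traversable otherwise), or removing the init container in favour of a pod-level `fsGroup` if the volume type behind cert-storage supports ownership management. Two smaller points in the same hunk: the chown target is written `//onboard/cert` while the mount is `/onboard/cert`, which resolves to the same path but should be made consistent; and `.Values.securityContext.runAsUser` and `.Values.securityContext.fsGroup` are interpolated directly into the shell line, so a missing value renders as `chown -R :` and only fails (or silently does nothing) at pod start. Wrapping both in `required` would surface that at template render time.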