[COMMON][READINESS] Fix user and group

readiness check can be launched in a lot of various situation.
Especially, it can be runned on deployments / statefulsets where the
user and group are fixed.
But python code underneath can work only when user is set to "onap" as
requirements are installed only for this specific user.
This patch forces the user and group to the desired one.

Issue-ID: OOM-2694
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ie70f8e851c30f530fd7a0d6e34ee5bda9274e874

diff --git a/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl b/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl
index 95de6ec..71201a1 100644 (file)
--- a/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl
+++ b/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl
@@ -67,6 +67,9 @@
 - name: {{ include "common.name" $dot }}{{ ternary "" (printf "-%s" $namePart) (empty $namePart) }}-readiness
   image: {{ include "repositoryGenerator.image.readiness" $subchartDot }}
   imagePullPolicy: {{ $subchartDot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }}
+  securityContext:
+    runAsUser: {{ $subchartDot.Values.user }}
+    runAsGroup: {{ $subchartDot.Values.group }}
   command:
   - /app/ready.py
   args:

diff --git a/kubernetes/common/readinessCheck/values.yaml b/kubernetes/common/readinessCheck/values.yaml
index b15b1c2..128c505 100644 (file)
--- a/kubernetes/common/readinessCheck/values.yaml
+++ b/kubernetes/common/readinessCheck/values.yaml
@@ -15,6 +15,9 @@
 global:
   pullPolicy: Always
 
+user: 100
+group: 65533
+
 limits:
   cpu: 100m
   memory: 100Mi