Use our helper template and k8s features to make mongodb run as a
non-root user as per Guilin requirements.
Issue-ID: DCAEGEN2-2424
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I44bc079a2cc49dc1b0f1da88e220290098e909d5
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
+{{ include "common.podSecurityContext" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: "{{ .Values.dockerHubRepository }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
containers:
- name: {{ include "common.name" . }}
image: "{{ .Values.dockerHubRepository }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - docker-entrypoint.sh
+ args:
+ - --nounixsocket
env:
- name: MONGO_INITDB_DATABASE
value: "{{ .Values.config.dbName }}"
env:
- name: MONGO_INITDB_DATABASE
value: "{{ .Values.config.dbName }}"
mountPath: /var/lib/mongo
resources:
{{ include "common.resources" . | indent 12 }}
mountPath: /var/lib/mongo
resources:
{{ include "common.resources" . | indent 12 }}
+{{ include "common.containerSecurityContext" . | indent 10 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
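Review bot: Nothing visible in this template enforces the non-root guarantee. It depends entirely on what `common.podSecurityContext` (under `spec:`) and `common.containerSecurityContext` (after `resources:`) render, and neither helper body is shown on this page. If the pod-level helper only emits `runAsUser`/`runAsGroup` from values, an override setting `user_id: 0` would deploy mongodb as root without any error, so it is worth confirming that the rendered output also carries `runAsNonRoot: true` and, at container level, `allowPrivilegeEscalation: false`. The new `command`/`args` override should also get a one-line comment above `args:`, for example `# --nounixsocket: mongod must not create its socket file when running under the restricted security context`. The wording of that comment is inferred from the commit message and should be corrected to the actual reason. It would also help to check that the volume mounted at `/var/lib/mongo` is writable by the configured uid/gid, since the volume definition is not part of the visible lines.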
rpcbindPort: 111
rpcbindUdpPort: 111
rpcbindPort: 111
rpcbindUdpPort: 111
+securityContext:
+ user_id: 999
+ group_id: 999
+
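Review bot: The added `user_id: 999` and `group_id: 999` are undocumented magic numbers that only work if they match an account that owns mongodb's files inside the image named by `.Values.image`. That coupling is not visible from the values file, so someone changing the image could leave the ids stale and the process unable to read or write its data directory. A comment above the block would make it explicit, for example `# uid/gid of the mongodb user in the image; must match .Values.image and must not be 0`. Whether 999 is in fact the image's mongodb account cannot be confirmed from this page and should be verified against the image.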