From: econwar Date: Tue, 16 Apr 2019 08:02:13 +0000 (+0000) Subject: Allow dr-node containers to run as non-root X-Git-Tag: 4.0.0-ONAP~218^2 X-Git-Url: https://gerrit.onap.org/r/gitweb?p=oom.git;a=commitdiff_plain;h=4d9f35fc0c9c437b00335a75bd0201572ebfa544 Allow dr-node containers to run as non-root Update image version to 2.1.0 that has year long certs Change-Id: If17c569c6db879b6fcee9221307560a54f9cb422 Issue-ID: DMAAP-1134 Signed-off-by: econwar --- diff --git a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties index f2896ccafa..08e3fd0018 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties +++ b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties @@ -83,11 +83,11 @@ KeyStoreFile=/opt/app/datartr/aaf_certs/org.onap.dmaap-dr.jks # # The password for the https keystore # -KeyStorePassword=]3V)($O&.Mv]W{f8^]6SxGNL +KeyStorePassword=WGxd2P6MDo*Bi4+UdzWs{?$8 # # The password for the private key in the https keystore # -KeyPassword=]3V)($O&.Mv]W{f8^]6SxGNL +KeyPassword=WGxd2P6MDo*Bi4+UdzWs{?$8 # # The type of truststore for https # @@ -99,7 +99,7 @@ TrustStoreFile=/opt/app/datartr/aaf_certs/org.onap.dmaap-dr.trust.jks # # The password for the https truststore # -TrustStorePassword=(Rd,&{]%ePdp}4JZjqoJ2G+g +TrustStorePassword=)OBvCd{e{aWq.^mJJdX:S:1& # # The path to the file used to trigger an orderly shutdown # diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml index ec31f3f750..de3324fe19 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml @@ -45,6 +45,15 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + - name: {{ include "common.name" . }}-permission-fixer + image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: {{ .Values.persistence.spoolPath }} + name: {{ include "common.fullname" . }}-spool-data-pvc + - mountPath: {{ .Values.persistence.eventLogsPath }} + name: {{ include "common.fullname" . }}-event-logs-pvc + command: ["chown","-Rf","1000:1001", "/opt/app/datartr"] containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" diff --git a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml index c6087e8852..3b1532f999 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml @@ -21,13 +21,15 @@ global: loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 loggingDirectory: /opt/app/datartr/logs + busyBoxImage: busybox:1.30 + busyBoxRepository: docker.io ################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/dmaap/datarouter-node:2.0.2 +image: onap/dmaap/datarouter-node:2.1.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties index 2b78b8eb2c..6a6f49cc24 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties +++ b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties @@ -25,14 +25,14 @@ #Jetty Server properties org.onap.dmaap.datarouter.provserver.http.port = {{.Values.config.dmaapDrProv.externalPort}} org.onap.dmaap.datarouter.provserver.https.port = {{.Values.config.dmaapDrProv.externalPort2}} -org.onap.dmaap.datarouter.provserver.https.relaxation = true +org.onap.dmaap.datarouter.provserver.https.relaxation = true -org.onap.dmaap.datarouter.provserver.keymanager.password = AT{];bvaDiytVD&oWhMZj0N5 +org.onap.dmaap.datarouter.provserver.keymanager.password = FZNkU,B%NJzcT1v7;^v]M#ZX org.onap.dmaap.datarouter.provserver.keystore.type = jks org.onap.dmaap.datarouter.provserver.keystore.path = /opt/app/datartr/aaf_certs/org.onap.dmaap-dr.jks -org.onap.dmaap.datarouter.provserver.keystore.password = AT{];bvaDiytVD&oWhMZj0N5 +org.onap.dmaap.datarouter.provserver.keystore.password = FZNkU,B%NJzcT1v7;^v]M#ZX org.onap.dmaap.datarouter.provserver.truststore.path = /opt/app/datartr/aaf_certs/org.onap.dmaap-dr.trust.jks -org.onap.dmaap.datarouter.provserver.truststore.password = ljlS@Y}0]{UO(TnwvEWkgJ%] +org.onap.dmaap.datarouter.provserver.truststore.password = +mzf@J.D^;3!![*Xr.z$c#?b org.onap.dmaap.datarouter.provserver.accesslog.dir = /opt/app/datartr/logs org.onap.dmaap.datarouter.provserver.spooldir = /opt/app/datartr/spool org.onap.dmaap.datarouter.provserver.dbscripts = /opt/app/datartr/etc/misc diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml index 3d65e911cf..7dca42e746 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/dmaap/datarouter-prov:2.0.2 +image: onap/dmaap/datarouter-prov:2.1.0 pullPolicy: Always # flag to enable debugging - application support required