From 67970058e2fa63526ce867a6880c4402d8b736f5 Mon Sep 17 00:00:00 2001
From: "sunil.unnava" <sunil.unnava@att.com>
Date: Wed, 10 Apr 2019 13:09:52 -0400
Subject: [PATCH] run mr containers as non root user

Issue-ID: DMAAP-1040
Change-Id: I62d788b1245f94de6de58450933476fff576fc18
Signed-off-by: sunil.unnava <sunil.unnava@att.com>
---
 .../message-router-kafka/templates/statefulset.yaml       | 15 +++++++++++++--
 .../charts/message-router-kafka/values.yaml               |  5 ++++-
 .../charts/message-router-mirrormaker/values.yaml         |  2 +-
 .../message-router-zookeeper/templates/statefulset.yaml   | 11 ++++++-----
 .../charts/message-router-zookeeper/values.yaml           |  2 +-
 kubernetes/dmaap/components/message-router/values.yaml    |  2 +-
 6 files changed, 26 insertions(+), 11 deletions(-)

diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml
index cc8fd5a93c..5e964231de 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml
+++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml
@@ -70,6 +70,17 @@ spec:
         image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
+      - command:
+        -  sh
+        - -exec
+        - |
+          chown -R 1000:1000 /opt/kafka/data;
+        image: "{{ .Values.busyBoxRepository }}/{{ .Values.busyBoxImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        volumeMounts:
+        - mountPath: /opt/kafka/data
+          name: kafka-data
+        name: {{ include "common.name" . }}-permission-fixer
       containers:
       - name: {{ include "common.name" .  }}
         image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -124,7 +135,7 @@ spec:
         - name: aaf_locate_url
           value: "https://aaf-locate:8095"
         - name: KAFKA_LOG_DIRS
-          value: "kafka/logs"
+          value: "/opt/kafka/data"
         - name: KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR
           value: "{{ .Values.replicaCount }}"
         - name: KAFKA_DEFAULT_REPLICATION_FACTOR
@@ -137,7 +148,7 @@ spec:
           readOnly: true
         - mountPath: /var/run/docker.sock
           name: docker-socket
-        - mountPath: /kafka
+        - mountPath: /opt/kafka/data
           name: kafka-data
       {{- if .Values.tolerations }}
       tolerations:
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml
index 5b83bb0a55..9f92610502 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml
+++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml
@@ -30,9 +30,12 @@ global:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/dmaap/kafka111:0.0.5
+image: onap/dmaap/kafka111:0.0.6
 pullPolicy: Always
 ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
+busyBoxImage: busybox:1.30
+busyBoxRepository: docker.io
+
 
 zookeeper:
   name: message-router-zookeeper
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-mirrormaker/values.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-mirrormaker/values.yaml
index 2fbd884ab8..f630e9489b 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-mirrormaker/values.yaml
+++ b/kubernetes/dmaap/components/message-router/charts/message-router-mirrormaker/values.yaml
@@ -30,7 +30,7 @@ global:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/dmaap/kafka111:0.0.5
+image: onap/dmaap/kafka111:0.0.6
 pullPolicy: Always
 ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
 
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml
index b2f9f13e67..6c15783c3d 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml
+++ b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml
@@ -58,18 +58,19 @@ spec:
         - /bin/bash
         - -c
         - >
-          if [ -d /tmp/topics/version-2 ]; then
+          if [ -d /tmp/zookeeper/topics/version-2 ]; then
           echo "nothing to do";
           else
-          git clone -b {{ .Values.config.gerritBranch }} --single-branch {{ .Values.config.gerritProject }} /tmp/gerrit;
-          echo "Clone complete. Copying from /tmp/gerrit/oom-projects/data-zookeeper/* to /tmp/topics";
-          cp -var /tmp/gerrit/oom-topics/data-zookeeper/* /tmp/topics;
+          git clone -b {{ .Values.config.gerritBranch }} --single-branch {{ .Values.config.gerritProject }} /tmp/zookeeper/gerrit;
+          echo "Clone complete. Copying from /tmp/zookeeper/gerrit/oom-projects/data-zookeeper/* to /tmp/zookeeper/topics";
+          cp -var /tmp/zookeeper/gerrit/oom-topics/data-zookeeper/* /tmp/zookeeper/topics;
+          chown -R 1000:1000 /tmp/zookeeper/topics;
           echo "Done.";
           fi
         image: "{{ .Values.global.ubuntuInitRepository }}/{{ .Values.ubuntuInitImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         volumeMounts:
-        - mountPath: /tmp/topics
+        - mountPath: /tmp/zookeeper/topics
           name: zookeeper-data
       containers:
       - name: {{ include "common.name" . }}
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml
index 37a1babe17..22daf946bb 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml
+++ b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml
@@ -30,7 +30,7 @@ global:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/dmaap/zookeeper:3.0.0
+image: onap/dmaap/zookeeper:4.0.0
 pullPolicy: Always
 ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
 
diff --git a/kubernetes/dmaap/components/message-router/values.yaml b/kubernetes/dmaap/components/message-router/values.yaml
index 10ce59c0ac..b141207a03 100644
--- a/kubernetes/dmaap/components/message-router/values.yaml
+++ b/kubernetes/dmaap/components/message-router/values.yaml
@@ -28,7 +28,7 @@ global:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/dmaap/dmaap-mr:1.1.11
+image: onap/dmaap/dmaap-mr:1.1.12
 pullPolicy: Always
 
 kafka:
-- 
2.16.6