From 82f041d3a261436735c4206f2c3630ccb294c31a Mon Sep 17 00:00:00 2001
From: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Date: Thu, 25 Feb 2021 14:17:55 +0100
Subject: [PATCH] [COMMON][READINESS] Fix user and group

readiness check can be launched in a lot of various situation.
Especially, it can be runned on deployments / statefulsets where the
user and group are fixed.
But python code underneath can work only when user is set to "onap" as
requirements are installed only for this specific user.
This patch forces the user and group to the desired one.

Issue-ID: OOM-2694
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ie70f8e851c30f530fd7a0d6e34ee5bda9274e874
---
 kubernetes/common/readinessCheck/templates/_readinessCheck.tpl | 3 +++
 kubernetes/common/readinessCheck/values.yaml                   | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl b/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl
index 95de6ec29f..71201a1cc6 100644
--- a/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl
+++ b/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl
@@ -67,6 +67,9 @@
 - name: {{ include "common.name" $dot }}{{ ternary "" (printf "-%s" $namePart) (empty $namePart) }}-readiness
   image: {{ include "repositoryGenerator.image.readiness" $subchartDot }}
   imagePullPolicy: {{ $subchartDot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }}
+  securityContext:
+    runAsUser: {{ $subchartDot.Values.user }}
+    runAsGroup: {{ $subchartDot.Values.group }}
   command:
   - /app/ready.py
   args:
diff --git a/kubernetes/common/readinessCheck/values.yaml b/kubernetes/common/readinessCheck/values.yaml
index b15b1c2af3..128c5057cc 100644
--- a/kubernetes/common/readinessCheck/values.yaml
+++ b/kubernetes/common/readinessCheck/values.yaml
@@ -15,6 +15,9 @@
 global:
   pullPolicy: Always
 
+user: 100
+group: 65533
+
 limits:
   cpu: 100m
   memory: 100Mi
-- 
2.16.6