From 8d8c9b9333a8a00f16d74684e74632334198cb25 Mon Sep 17 00:00:00 2001 From: Jack Lucas Date: Mon, 30 Mar 2020 15:56:46 -0400 Subject: [PATCH] Update MOD component versions Use images that do not run as root Issue-ID: DCAEGEN2-2170 Signed-off-by: Jack Lucas Change-Id: I5766128c6005ba0087f8eb469e74386c4c9f310b --- .../dcaemod/components/dcaemod-designtool/values.yaml | 4 ++-- .../components/dcaemod-distributor-api/values.yaml | 8 ++++---- .../dcaemod-genprocessor/templates/deployment.yaml | 15 +++++++++++++++ .../dcaemod/components/dcaemod-genprocessor/values.yaml | 10 +++++----- .../dcaemod/components/dcaemod-onboarding-api/values.yaml | 6 +++--- .../dcaemod/components/dcaemod-runtime-api/values.yaml | 2 +- 6 files changed, 30 insertions(+), 15 deletions(-) diff --git a/kubernetes/dcaemod/components/dcaemod-designtool/values.yaml b/kubernetes/dcaemod/components/dcaemod-designtool/values.yaml index d9e00ace0f..f2320a1387 100644 --- a/kubernetes/dcaemod/components/dcaemod-designtool/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-designtool/values.yaml @@ -31,13 +31,13 @@ global: enabled: false config: - nifiJarsIndexURL: http://dcaemod-genprocessor/nifi-jars + nifiJarsIndexURL: http://dcaemod-genprocessor:8080/nifi-jars distributorAPIURL: /distributor curlImage: curlimages/curl:7.68.0 # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.mod.designtool-web:1.0.0 +image: onap/org.onap.dcaegen2.platform.mod.designtool-web:1.0.2 service: type: ClusterIP diff --git a/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml index 3d9c377885..16bb8a9ff3 100644 --- a/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml @@ -32,25 +32,25 @@ global: config: nifiRegistryURL: http://dcaemod-nifi-registry:18080/nifi-registry-api - onboardingAPIURL: http://dcaemod-onboarding-api/onboarding + onboardingAPIURL: http://dcaemod-onboarding-api:8080/onboarding # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.mod.distributorapi:1.0.0 +image: onap/org.onap.dcaegen2.platform.mod.distributorapi:1.0.1 service: type: ClusterIP name: dcaemod-distributor-api ports: - name: http - port: 80 + port: 8080 ingress: enabled: true service: - baseaddr: "distributor" name: dcaemod-distributor-api - port: 80 + port: 8080 config: ssl: "none" diff --git a/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/deployment.yaml index 6b15abe909..a4afe05c95 100644 --- a/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/deployment.yaml +++ b/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/deployment.yaml @@ -24,6 +24,21 @@ spec: template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: + initContainers: + # apps run as uid 1000, gid 1000 + # the volume is mounted with root permissions + # this initContainer changes ownership to uid 1000 gid 1000 + # (tried using a securityContext in the pod spec, but it didn't seem to work) + - name: set-permissions + image: busybox:latest + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - sh + - -c + - chown -R 1000:1000 /genprocessor-data + volumeMounts: + - mountPath: /genprocessor-data + name: genprocessor-data containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" diff --git a/kubernetes/dcaemod/components/dcaemod-genprocessor/values.yaml b/kubernetes/dcaemod/components/dcaemod-genprocessor/values.yaml index 7096a16a1b..37bb861235 100644 --- a/kubernetes/dcaemod/components/dcaemod-genprocessor/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-genprocessor/values.yaml @@ -30,26 +30,26 @@ global: enabled: false config: - onboardingAPIURL: http://dcaemod-onboarding-api/onboarding + onboardingAPIURL: http://dcaemod-onboarding-api:8080/onboarding # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.mod.genprocessor-job:1.0.0 -httpImage: onap/org.onap.dcaegen2.platform.mod.genprocessor-http:1.0.0 +image: onap/org.onap.dcaegen2.platform.mod.genprocessor-job:1.0.1 +httpImage: onap/org.onap.dcaegen2.platform.mod.genprocessor-http:1.0.1 service: type: ClusterIP name: dcaemod-genprocessor ports: - name: http - port: 80 + port: 8080 ingress: enabled: true service: - baseaddr: "nifi-jars" name: dcaemod-genprocessor - port: 80 + port: 8080 config: ssl: "none" diff --git a/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml index 656fd69742..28e79a1593 100644 --- a/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml @@ -47,13 +47,13 @@ service: name: dcaemod-onboarding-api ports: - name: http - port: 80 + port: 8080 ingress: enabled: true service: - baseaddr: "onboarding" name: dcaemod-onboarding-api - port: 80 + port: 8080 config: ssl: "none" @@ -93,7 +93,7 @@ postgres: # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.mod.onboardingapi:2.12.0 +image: onap/org.onap.dcaegen2.platform.mod.onboardingapi:2.12.1 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml index a56552e6c0..d5da039ad1 100644 --- a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml @@ -72,7 +72,7 @@ readiness: # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.0.1 +image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.0.2 # Resource Limit flavor -By Default using small flavor: small -- 2.16.6