Set sdc onboarding volume mount permissions
Set the permissions of files in the sdc onboarding backend persistent volume for package certs to enable access by the process in the pod which now runs as non-root user (since SDC-2798)
Signed-off-by: MichaelMorris <michael.morris@est.tech>
Issue-ID: SDC-2981
Change-Id: I6113f14ca9933e2fec2b565768ed5afbe3c18f21
diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml
index 3db3685..108c781 100644
--- a/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml
+++ b/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml
@@ -70,6 +70,19 @@
mountPath: /config-input/
- name: sdc-environments-output
mountPath: /config-output/
+ - name: volume-permissions
+ image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} //onboard/cert
+ securityContext:
+ runAsUser: 0
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-cert-storage
+ mountPath: "/onboard/cert"
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"