Run SDC pods as non-root Change-Id: Id8626c02f4c8bf3e1da406920169c0ed6bee457f Issue-ID: SDC-2798 Signed-off-by: MichaelMorris <michael.morris@est.tech>

commit: b137f7e426b7556a05d1222716d1870ce9dad72c [log] [tgz]
author: MichaelMorris <michael.morris@est.tech> Sun Mar 15 17:44:48 2020 +0000
committer: Ofir Sonsino <ofir.sonsino@intl.att.com> Sun Mar 22 10:26:38 2020 +0000
tree: ded0f60e0b3e4c7dde036887b407be9443ab37f3
parent: 32f9aaa9b02da0cc442d83c5413684ddc9674381 [diff] [blame]
diff --git a/kubernetes/sdc/charts/sdc-be/templates/job.yaml b/kubernetes/sdc/charts/sdc-be/templates/job.yaml
index 994c407..4b5ec51 100644
--- a/kubernetes/sdc/charts/sdc-be/templates/job.yaml
+++ b/kubernetes/sdc/charts/sdc-be/templates/job.yaml

@@ -53,7 +53,9 @@
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         volumeMounts:
         - name: {{ include "common.fullname" . }}-environments
-          mountPath: /root/chef-solo/environments/
+          mountPath: /home/sdc/chef-solo/environments/
+        - name: sdc-logs
+          mountPath: /var/lib/jetty/logs
         env:
         - name: ENVNAME
           value: {{ .Values.global.env.name }}
@@ -66,6 +68,8 @@
           configMap:
             name: {{ include "common.release" . }}-sdc-environments-configmap
             defaultMode: 0755
+        - name: sdc-logs
+          emptyDir: {}
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
       restartPolicy: Never
commit	b137f7e426b7556a05d1222716d1870ce9dad72c	[log] [tgz]
author	MichaelMorris <michael.morris@est.tech>	Sun Mar 15 17:44:48 2020 +0000
committer	Ofir Sonsino <ofir.sonsino@intl.att.com>	Sun Mar 22 10:26:38 2020 +0000
tree	ded0f60e0b3e4c7dde036887b407be9443ab37f3
parent	32f9aaa9b02da0cc442d83c5413684ddc9674381 [diff] [blame]