19169bb458
To be able to run with the nobody user, an init container is used in the haproxy-anchor pod to change the ownership and permissions of '/host/etc/promenade/haproxy'. Security conext was included in 'etc/kubernetes/manifests/haproxy.yaml' and 'promenade/schemas/Genesis.yaml' schema was updated to included run_as_user property for haproxy pod. Change-Id: Id248face0be43c417284ceb781997634a9c4dd5e
28 lines
986 B
YAML
28 lines
986 B
YAML
{{/*
|
|
Copyright 2018 AT&T Intellectual Property. All other rights reserved.
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/}}
|
|
---
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: haproxy-bin
|
|
data:
|
|
anchor.sh: |
|
|
{{ tuple "bin/_anchor.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
|
pre_stop.sh: |
|
|
{{ tuple "bin/_pre_stop.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
|
perms_update.sh: |
|
|
{{ tuple "bin/_perms_update.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|