Fix bug 1703 - Adding non-root user to run NBI
The idea behind this is to run NBI as a non-root user for security
reasons. This required the creation of a new user in the container
image and setting permissions accordingly.
Change-Id: I9c8105b9b648c79643940994e51815118b9bbbe7
Signed-off-by: sousaedu <eduardo.sousa@canonical.com>
(cherry picked from commit a8e75d03f48d0a7d7ae7c18f8151ef2e244a787d)
diff --git a/installers/docker/osm_pods/nbi.yaml b/installers/docker/osm_pods/nbi.yaml
index 2978082..bbdf645 100644
--- a/installers/docker/osm_pods/nbi.yaml
+++ b/installers/docker/osm_pods/nbi.yaml
@@ -44,6 +44,10 @@
labels:
app: nbi
spec:
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ fsGroup: 1000
initContainers:
- name: kafka-mongo-test
image: alpine:latest
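Review bot: The pod-level `securityContext` added under `spec:` pins UID/GID 1000 but does not set `runAsNonRoot: true`, so nothing stops a container from starting as root if a container-level `runAsUser` later overrides it; adding `runAsNonRoot: true` next to `runAsUser: 1000` makes the non-root intent enforced rather than just configured. Because the block is pod-level it also applies to the `kafka-mongo-test` init container, so that container's commands should be confirmed to work as UID 1000. `fsGroup: 1000` only affects mounted volumes, and the second hunk removes the `osm-packages` volume, so it may have no effect unless other volumes are defined outside the visible lines. It would also be worth setting `allowPrivilegeEscalation: false` in the nbi container's own `securityContext`, which lies outside this hunk.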
@@ -70,10 +74,3 @@
envFrom:
- secretRef:
name: nbi-secret
- volumeMounts:
- - name: osm-packages
- mountPath: /app/storage
- volumes:
- - name: osm-packages
- hostPath:
- path: /var/lib/osm/osm_osm_packages/_data