commit abc56a9072c7ae86f269db32318e92832df53085
author Mark Beierl <mark.beierl@canonical.com> Fri Feb 11 08:56:32 2022 -0500
committer Mark Beierl <mark.beierl@canonical.com> Fri Feb 11 08:56:32 2022 -0500
tree daed07b5f27ee2f439755993acdd0d005fec9770
parent 31b27b3fcf85090348d49ce5f134a08a3e4c62e5

Fix 1704 - Adding non-root user to run LCM

Change-Id: Ic250be888be01b53a2e71127ddd1d2a5cc0edb03
Signed-off-by: Mark Beierl <mark.beierl@canonical.com>

installers/docker/osm_pods/lcm.yaml

diff --git a/installers/docker/osm_pods/lcm.yaml b/installers/docker/osm_pods/lcm.yaml
index 517c069..f52d724 100644
--- a/installers/docker/osm_pods/lcm.yaml
+++ b/installers/docker/osm_pods/lcm.yaml
@@ -31,6 +31,10 @@
       labels:
         app: lcm
     spec:
+      securityContext:
+        runAsUser: 1000
+        runAsGroup: 1000
+        fsGroup: 1000
       initContainers:
        - name: kafka-ro-mongo-test
          image: alpine:latest
@@ -55,11 +59,4 @@
           value: mongodb://mongodb-k8s:27017/?replicaSet=rs0
         envFrom:
         - secretRef:
-           name: lcm-secret
-        volumeMounts:
-        - name: osm-packages
-          mountPath: /app/storage
-      volumes:
-      - name: osm-packages
-        hostPath:
-         path: /var/lib/osm/osm_osm_packages/_data
+            name: lcm-secret