Fix 1703 - Adding non-root user to run NBI
The idea behind this is to run NBI as a non-root user for security
reasons. This required the creation of a new user in the container
image and setting permissions accordingly.
Change-Id: Idf967204b19818ad623c67a19c134cd78a97b9dc
Signed-off-by: beierlm <mark.beierl@canonical.com>
diff --git a/installers/docker/osm_pods/nbi.yaml b/installers/docker/osm_pods/nbi.yaml
index 54f7257..7b3616e 100644
--- a/installers/docker/osm_pods/nbi.yaml
+++ b/installers/docker/osm_pods/nbi.yaml
@@ -44,6 +44,10 @@
labels:
app: nbi
spec:
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ fsGroup: 1000
initContainers:
- name: kafka-mongo-test
image: alpine:latest
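Review bot: The pod-level `securityContext` added under `spec:` pins UID/GID 1000 but does not enforce non-root or block privilege escalation, so a later container-level `runAsUser: 0` or a setuid binary in the image could still regain root. I would add `runAsNonRoot: true` beside `runAsUser: 1000`, and on the nbi container itself a `securityContext:` with `allowPrivilegeEscalation: false`. Because the setting is pod-wide it also applies to the `kafka-mongo-test` init container, so its checks need to work as UID 1000. The second hunk removes the only volume visible in this diff, so `fsGroup: 1000` may have nothing left to apply to; if no other volume is mounted it can be dropped, otherwise a short comment naming that volume would help.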
@@ -70,10 +74,3 @@
envFrom:
- secretRef:
name: nbi-secret
- volumeMounts:
- - name: osm-packages
- mountPath: /app/storage
- volumes:
- - name: osm-packages
- hostPath:
- path: /var/lib/osm/osm_osm_packages/_data