projects
/
osm
/
devops.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Fix bug 1707 - Adding non-root user to run POL
[osm/devops.git]
/
installers
/
charm
/
kafka-exporter
/
src
/
charm.py
diff --git
a/installers/charm/kafka-exporter/src/charm.py
b/installers/charm/kafka-exporter/src/charm.py
index
2147781
..
1316a4d
100755
(executable)
--- a/
installers/charm/kafka-exporter/src/charm.py
+++ b/
installers/charm/kafka-exporter/src/charm.py
@@
-52,7
+52,8
@@
class ConfigModel(ModelValidator):
ingress_class: Optional[str]
ingress_whitelist_source_range: Optional[str]
tls_secret_name: Optional[str]
ingress_class: Optional[str]
ingress_whitelist_source_range: Optional[str]
tls_secret_name: Optional[str]
- image_pull_policy: Optional[str]
+ image_pull_policy: str
+ security_context: bool
@validator("site_url")
def validate_site_url(cls, v):
@validator("site_url")
def validate_site_url(cls, v):
@@
-151,7
+152,10
@@
class KafkaExporterCharm(CharmedOsmBase):
"""
missing_relations = []
"""
missing_relations = []
- if self.kafka_client.is_missing_data_in_unit():
+ if (
+ self.kafka_client.is_missing_data_in_unit()
+ and self.kafka_client.is_missing_data_in_app()
+ ):
missing_relations.append("kafka")
if missing_relations:
missing_relations.append("kafka")
if missing_relations:
@@
-173,11
+177,16
@@
class KafkaExporterCharm(CharmedOsmBase):
self._check_missing_dependencies(config)
# Create Builder for the PodSpec
self._check_missing_dependencies(config)
# Create Builder for the PodSpec
- pod_spec_builder = PodSpecV3Builder()
+ pod_spec_builder = PodSpecV3Builder(
+ enable_security_context=config.security_context
+ )
# Build container
container_builder = ContainerV3Builder(
# Build container
container_builder = ContainerV3Builder(
- self.app.name, image_info, config.image_pull_policy
+ self.app.name,
+ image_info,
+ config.image_pull_policy,
+ run_as_non_root=config.security_context,
)
container_builder.add_port(name=self.app.name, port=PORT)
container_builder.add_http_readiness_probe(
)
container_builder.add_port(name=self.app.name, port=PORT)
container_builder.add_http_readiness_probe(
@@
-236,8
+245,6
@@
class KafkaExporterCharm(CharmedOsmBase):
ingress_resource = ingress_resource_builder.build()
pod_spec_builder.add_ingress_resource(ingress_resource)
ingress_resource = ingress_resource_builder.build()
pod_spec_builder.add_ingress_resource(ingress_resource)
- logger.debug(pod_spec_builder.build())
-
return pod_spec_builder.build()
return pod_spec_builder.build()