projects
/
osm
/
devops.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Fix bug 1703 - Adding non-root user to run NBI
[osm/devops.git]
/
installers
/
charm
/
zookeeper
/
src
/
charm.py
diff --git
a/installers/charm/zookeeper/src/charm.py
b/installers/charm/zookeeper/src/charm.py
index
6e4588c
..
c2acf0b
100755
(executable)
--- a/
installers/charm/zookeeper/src/charm.py
+++ b/
installers/charm/zookeeper/src/charm.py
@@
-52,6
+52,7
@@
class ConfigModel(ModelValidator):
sync_limit: int
init_limit: int
tick_time: int
sync_limit: int
init_limit: int
tick_time: int
+ security_context: bool
@validator("log_level")
def validate_log_level(cls, v):
@validator("log_level")
def validate_log_level(cls, v):
@@
-99,7
+100,7
@@
class ZookeeperCharm(CharmedOsmBase):
Args:
event (EventBase): Zookeeper Cluster relation event.
"""
Args:
event (EventBase): Zookeeper Cluster relation event.
"""
- self._publish_
zookeeper_
info(event)
+ self._publish_info(event)
self.configure_pod()
def _publish_info(self, event: EventBase):
self.configure_pod()
def _publish_info(self, event: EventBase):
@@
-120,11
+121,16
@@
class ZookeeperCharm(CharmedOsmBase):
config = ConfigModel(**dict(self.config))
# Create Builder for the PodSpec
config = ConfigModel(**dict(self.config))
# Create Builder for the PodSpec
- pod_spec_builder = PodSpecV3Builder()
+ pod_spec_builder = PodSpecV3Builder(
+ enable_security_context=config.security_context
+ )
# Build Container
container_builder = ContainerV3Builder(
# Build Container
container_builder = ContainerV3Builder(
- self.app.name, image_info, config.image_pull_policy
+ self.app.name,
+ image_info,
+ config.image_pull_policy,
+ run_as_non_root=config.security_context,
)
container_builder.add_port(name="client", port=CLIENT_PORT)
)
container_builder.add_port(name="client", port=CLIENT_PORT)