cheshire
/
hscloud
forked from hswaw/hscloud
1
0
Fork 0
Code Pull Requests Activity

devtools: fix sourcegraph 

Permissions get mangled on container restart. This adds an init
container to fix them.

Change-Id: I37c44e23a75b8ec41e6aba2ed38eee223496b8b9
master
q3k 2020-08-23 11:05:27 +00:00
parent 31e41d5ff7
commit b7898a8038
2 changed files with 15 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
devtools/kube/sourcegraph.libsonnet
View File

@ -21,7 +21,19 @@ local kube = import "../../kube/kube.libsonnet";
},
securityContext: {
runAsUser: 0,
fsGroup: 70,
fsGroup: 0,
},
// This container fixes some permissions that Kubernetes volume mounts break.
initContainer: sourcegraph.Container("fixperms") {
image: "alpine:3",
volumeMounts_+: {
data: { mountPath: "/var/opt/sourcegraph" },
},
ports_: {},
command: [
"sh", "-c",
"chmod 755 /var/opt/sourcegraph; chmod -R 700 /var/opt/sourcegraph/postgresql",
],
},
container: sourcegraph.Container("main") {
volumeMounts_+: {

2
kube/mirko.libsonnet
View File

@ -129,6 +129,7 @@ local kube = import "kube.libsonnet";
nodeSelector: null,
securityContext: {},
container:: error "container(s) must be set",
initContainer:: null,
ports:: {
publicHTTP: {}, // name -> { port: no, dns: fqdn }
grpc: { main: 4200 }, // name -> port no
@ -189,6 +190,7 @@ local kube = import "kube.libsonnet";
},
} + cfg.volumes,
containers_: cfg.containers,
[if cfg.initContainer != null then "initContainers"]: [cfg.initContainer],
nodeSelector: cfg.nodeSelector,
serviceAccountName: component.sa.metadata.name,