devtools: fix sourcegraph
Permissions get mangled on container restart. This adds an init
container to fix them.
Change-Id: I37c44e23a75b8ec41e6aba2ed38eee223496b8b9
diff --git a/devtools/kube/sourcegraph.libsonnet b/devtools/kube/sourcegraph.libsonnet
index 9e2454d..c7e977f 100644
--- a/devtools/kube/sourcegraph.libsonnet
+++ b/devtools/kube/sourcegraph.libsonnet
@@ -21,7 +21,19 @@
},
securityContext: {
runAsUser: 0,
- fsGroup: 70,
+ fsGroup: 0,
+ },
+ // This container fixes some permissions that Kubernetes volume mounts break.
+ initContainer: sourcegraph.Container("fixperms") {
+ image: "alpine:3",
+ volumeMounts_+: {
+ data: { mountPath: "/var/opt/sourcegraph" },
+ },
+ ports_: {},
+ command: [
+ "sh", "-c",
+ "chmod 755 /var/opt/sourcegraph; chmod -R 700 /var/opt/sourcegraph/postgresql",
+ ],
},
container: sourcegraph.Container("main") {
volumeMounts_+: {