devtools: fix sourcegraph Permissions get mangled on container restart. This adds an init container to fix them. Change-Id: I37c44e23a75b8ec41e6aba2ed38eee223496b8b9

commit: b7898a803815aac47b72aa12f7d0b24abf698a05 [log] [tgz]
author: Serge Bazanski <q3k@hackerspace.pl> Sun Aug 23 11:05:27 2020 +0000
committer: Serge Bazanski <q3k@hackerspace.pl> Sun Aug 23 11:05:57 2020 +0000
tree: a8aaf976777f4508635c5a27e31138517dbd1563
parent: 31e41d5ff705d9e211b28855c9367111b855e378 [diff] [blame]
diff --git a/devtools/kube/sourcegraph.libsonnet b/devtools/kube/sourcegraph.libsonnet
index 9e2454d..c7e977f 100644
--- a/devtools/kube/sourcegraph.libsonnet
+++ b/devtools/kube/sourcegraph.libsonnet

@@ -21,7 +21,19 @@
             },
             securityContext: {
                 runAsUser: 0,
-                fsGroup: 70,
+                fsGroup: 0,
+            },
+            // This container fixes some permissions that Kubernetes volume mounts break.
+            initContainer: sourcegraph.Container("fixperms") {
+                image: "alpine:3",
+                volumeMounts_+: {
+                    data: { mountPath: "/var/opt/sourcegraph" },
+                },
+                ports_: {},
+                command: [
+                    "sh", "-c",
+                    "chmod 755 /var/opt/sourcegraph; chmod -R 700 /var/opt/sourcegraph/postgresql",
+                ],
             },
             container: sourcegraph.Container("main") {
                 volumeMounts_+: {
commit	b7898a803815aac47b72aa12f7d0b24abf698a05	[log] [tgz]
author	Serge Bazanski <q3k@hackerspace.pl>	Sun Aug 23 11:05:27 2020 +0000
committer	Serge Bazanski <q3k@hackerspace.pl>	Sun Aug 23 11:05:57 2020 +0000
tree	a8aaf976777f4508635c5a27e31138517dbd1563
parent	31e41d5ff705d9e211b28855c9367111b855e378 [diff] [blame]