Merge "devtools: fix sourcegraph"
diff --git a/devtools/kube/sourcegraph.libsonnet b/devtools/kube/sourcegraph.libsonnet
index 9e2454d..c7e977f 100644
--- a/devtools/kube/sourcegraph.libsonnet
+++ b/devtools/kube/sourcegraph.libsonnet
@@ -21,7 +21,19 @@
             },
             securityContext: {
                 runAsUser: 0,
-                fsGroup: 70,
+                fsGroup: 0,
+            },
+            // This container fixes some permissions that Kubernetes volume mounts break.
+            initContainer: sourcegraph.Container("fixperms") {
+                image: "alpine:3",
+                volumeMounts_+: {
+                    data: { mountPath: "/var/opt/sourcegraph" },
+                },
+                ports_: {},
+                command: [
+                    "sh", "-c",
+                    "chmod 755 /var/opt/sourcegraph; chmod -R 700 /var/opt/sourcegraph/postgresql",
+                ],
             },
             container: sourcegraph.Container("main") {
                 volumeMounts_+: {
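Review bot: The `fixperms` init container pulls the floating tag `alpine:3` and, assuming the `securityContext` above with `runAsUser: 0` is the pod-level one, runs as root with the data volume mounted writable, so whatever that tag resolves to at pull time gets root on `/var/opt/sourcegraph`. Pinning by digest, e.g. `image: "alpine:3@sha256:<DIGEST_PLACEHOLDER>"`, would fix the image content. The command joins the two chmods with `;`, so a failure of the first is ignored and only the second decides the exit status; `"set -e; chmod 755 /var/opt/sourcegraph; chmod -R 700 /var/opt/sourcegraph/postgresql"` would surface either failure. If `postgresql` can be absent on a fresh volume (not visible here), the second chmod would fail the init container and block the pod, so that case is worth confirming. The enclosing object starts and ends outside the hunk.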
diff --git a/kube/mirko.libsonnet b/kube/mirko.libsonnet
index 134c785..5203afd 100644
--- a/kube/mirko.libsonnet
+++ b/kube/mirko.libsonnet
@@ -129,6 +129,7 @@
             nodeSelector: null,
             securityContext: {},
             container:: error "container(s) must be set",
+            initContainer:: null,
             ports:: {
                 publicHTTP: {}, // name -> { port: no, dns: fqdn }
                 grpc: { main: 4200 }, // name -> port no
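Review bot: The new hidden field `initContainer` has no comment, unlike the `ports` entries just below it, so a reader cannot tell that it takes a single container object rather than a list. Going by the later hunk in this file, which wraps it as `[cfg.initContainer]` under `initContainers` only when it is not null, I would add `initContainer:: null, // optional: one Container, rendered as the pod's only initContainers entry`. It would also help to note that it shares the pod's `securityContext`, if that is how the pod spec is assembled outside this hunk.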
@@ -189,6 +190,7 @@
                             },
                         } + cfg.volumes,
                         containers_: cfg.containers,
+                        [if cfg.initContainer != null then "initContainers"]: [cfg.initContainer],
                         nodeSelector: cfg.nodeSelector,
 
                         serviceAccountName: component.sa.metadata.name,