Merge "devtools: fix sourcegraph"
diff --git a/devtools/kube/sourcegraph.libsonnet b/devtools/kube/sourcegraph.libsonnet
index 9e2454d..c7e977f 100644
--- a/devtools/kube/sourcegraph.libsonnet
+++ b/devtools/kube/sourcegraph.libsonnet
@@ -21,7 +21,19 @@
},
securityContext: {
runAsUser: 0,
- fsGroup: 70,
+ fsGroup: 0,
+ },
+ // This container fixes some permissions that Kubernetes volume mounts break.
+ initContainer: sourcegraph.Container("fixperms") {
+ image: "alpine:3",
+ volumeMounts_+: {
+ data: { mountPath: "/var/opt/sourcegraph" },
+ },
+ ports_: {},
+ command: [
+ "sh", "-c",
+ "chmod 755 /var/opt/sourcegraph; chmod -R 700 /var/opt/sourcegraph/postgresql",
+ ],
},
container: sourcegraph.Container("main") {
volumeMounts_+: {
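Review bot: The new `fixperms` init container uses the floating tag `image: "alpine:3"`, and unless `sourcegraph.Container` sets its own securityContext (not visible here) it inherits the pod-level `runAsUser: 0` with the data volume mounted read-write. Whatever that tag resolves to at schedule time would then run as root over the Sourcegraph and PostgreSQL data, so pin it by digest, e.g. `image: "alpine@sha256:<DIGEST_PLACEHOLDER>"`. Separately, the two `chmod` calls are joined with `;`, so the container's exit status is only that of the last command and a failure of `chmod 755 /var/opt/sourcegraph` goes unnoticed. Use `"set -e; chmod 755 /var/opt/sourcegraph; chmod -R 700 /var/opt/sourcegraph/postgresql"` or join them with `&&`. It is also worth confirming that the `postgresql` directory exists on a fresh volume, because the recursive `chmod` would otherwise fail the init step and block the pod. The enclosing object starts and ends outside this hunk.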
diff --git a/kube/mirko.libsonnet b/kube/mirko.libsonnet
index 134c785..5203afd 100644
--- a/kube/mirko.libsonnet
+++ b/kube/mirko.libsonnet
@@ -129,6 +129,7 @@
nodeSelector: null,
securityContext: {},
container:: error "container(s) must be set",
+ initContainer:: null,
ports:: {
publicHTTP: {}, // name -> { port: no, dns: fqdn }
grpc: { main: 4200 }, // name -> port no
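Review bot: The new hidden field `initContainer:: null` has no comment, unlike the neighbouring `ports` entries, and its singular shape is not obvious to callers. The later hunk wraps it in a one-element list, so a component can only ever declare one init container. I would document that at the default, e.g. `initContainer:: null, // optional; a single container object, emitted as initContainers: [it] when set`. The enclosing config object starts and ends outside this hunk.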
@@ -189,6 +190,7 @@
},
} + cfg.volumes,
containers_: cfg.containers,
+ [if cfg.initContainer != null then "initContainers"]: [cfg.initContainer],
nodeSelector: cfg.nodeSelector,
serviceAccountName: component.sa.metadata.name,