From e1fac0ba4d6a2692f19beb265d187bdd0d4bfc59 Mon Sep 17 00:00:00 2001
From: "KHIYANI, RAHUL (rk0850)" <rk0850@att.com>
Date: Mon, 2 Nov 2020 13:55:34 -0600
Subject: [PATCH] Add missing flags to nginx container in neutron chart

This adds readOnly-fs flag to nginx container

Change-Id: Ie75e460fe2f45f1ae908f1fe475461267251461f
---
 neutron/Chart.yaml                       | 2 +-
 neutron/templates/deployment-server.yaml | 4 +++-
 neutron/values.yaml                      | 3 +++
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/neutron/Chart.yaml b/neutron/Chart.yaml
index f3d7f8f482..5a4d3b6c25 100644
--- a/neutron/Chart.yaml
+++ b/neutron/Chart.yaml
@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Neutron
 name: neutron
-version: 0.1.4
+version: 0.1.5
 home: https://docs.openstack.org/neutron/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Neutron/OpenStack_Project_Neutron_vertical.png
 sources:
diff --git a/neutron/templates/deployment-server.yaml b/neutron/templates/deployment-server.yaml
index 1eedc226d4..6f254a2c55 100644
--- a/neutron/templates/deployment-server.yaml
+++ b/neutron/templates/deployment-server.yaml
@@ -103,7 +103,7 @@ spec:
         - name: nginx
 {{ tuple $envAll "nginx" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.nginx | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
-{{ dict "envAll" $envAll "application" "neutron" "container" "nginx" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+{{ dict "envAll" $envAll "application" "neutron_server" "container" "nginx" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
           ports:
             - name: q-api
               containerPort: {{ tuple "network" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
@@ -129,6 +129,8 @@ spec:
                   - /tmp/nginx.sh
                   - stop
           volumeMounts:
+            - name: pod-tmp
+              mountPath: /tmp
             - name: neutron-bin
               mountPath: /tmp/nginx.sh
               subPath: nginx.sh
diff --git a/neutron/values.yaml b/neutron/values.yaml
index d75447828e..0275649f49 100644
--- a/neutron/values.yaml
+++ b/neutron/values.yaml
@@ -516,6 +516,9 @@ pod:
       pod:
         runAsUser: 42424
       container:
+        nginx:
+          runAsUser: 0
+          readOnlyRootFilesystem: false
         neutron_server:
           allowPrivilegeEscalation: false
           readOnlyRootFilesystem: true