From 3924cfe7ae390678ae4df9b544acf8b373440183 Mon Sep 17 00:00:00 2001 From: Marcus Secato Date: Thu, 15 Apr 2021 17:52:58 -0400 Subject: [PATCH] Set proper user ID for armada-api container Since armada application moved to Kubernetes cluster, processes and commands are not executed with the 'armada' user in armada-api container. Previously when armada was a separated container user was enforced through 'docker exec'. Closes-Bug: 1924579 Signed-off-by: Marcus Secato Change-Id: I5600974c0b9c3ade73a58dae300e8f3b18c6aefd --- kubernetes/armada/centos/armada.spec | 3 ++- ...3-Adjust-security-context-armada-api.patch | 25 +++++++++++++++++++ 2 files changed, 27 insertions(+), 1 deletion(-) create mode 100644 kubernetes/armada/centos/files/0003-Adjust-security-context-armada-api.patch diff --git a/kubernetes/armada/centos/armada.spec b/kubernetes/armada/centos/armada.spec index c79ff9d90..7d46c5db4 100644 --- a/kubernetes/armada/centos/armada.spec +++ b/kubernetes/armada/centos/armada.spec @@ -17,6 +17,7 @@ Source0: %{name}-%{git_sha}.tar.gz Patch1: 0001-Add-Helm-v2-client-initialization-using-tiller-postS.patch Patch2: 0002-Add-configurations-for-Helm-SQL-storage-backend.patch +Patch3: 0003-Adjust-security-context-armada-api.patch BuildArch: noarch @@ -31,7 +32,7 @@ BuildRequires: chartmuseum %setup -n armada %patch1 -p1 %patch2 -p1 - +%patch3 -p1 %build # Package the armada chart tarball using methodology derived from: diff --git a/kubernetes/armada/centos/files/0003-Adjust-security-context-armada-api.patch b/kubernetes/armada/centos/files/0003-Adjust-security-context-armada-api.patch new file mode 100644 index 000000000..ec520afd3 --- /dev/null +++ b/kubernetes/armada/centos/files/0003-Adjust-security-context-armada-api.patch 
@@ -0,0 +1,25 @@
+From b6245bf904a6efbd2096de9d6530f84a6c9eb914 Mon Sep 17 00:00:00 2001
+From: Marcus Secato
+Date: Wed, 7 Apr 2021 16:20:17 -0400
+Subject: [PATCH] Add security context to pod and containers
+
+---
+ charts/armada/values.yaml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/charts/armada/values.yaml b/charts/armada/values.yaml
+index 5a61c96..e4dc801 100644
+--- a/charts/armada/values.yaml
++++ b/charts/armada/values.yaml
+@@ -269,7 +269,7 @@ pod:
+ security_context:
+ armada:
+ pod:
+- runAsUser: 65534
++ runAsUser: 1000
+ container:
+ armada_api_init:
+ readOnlyRootFilesystem: true
+--
+2.29.2
+
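Review bot: The new `runAsUser: 1000` under `pod.security_context.armada.pod` is a bare number, and nothing visible in this patch ties it to the 'armada' account in the armada-api image that the commit message refers to. If the image's UID ever differs, the pod would run as an unnamed UID with whatever file ownership that number maps to, so a comment such as `# must equal the UID of the 'armada' user in the armada image` on that line would help. The visible context also shows only `readOnlyRootFilesystem: true` for `armada_api_init`; it may be worth confirming that the rest of the block, which lies outside the hunk, sets `runAsNonRoot: true` and `allowPrivilegeEscalation: false` for the API container now that it no longer runs as 65534.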