From f749443bfafc92ac52ac0fe7462699707e2f1e55 Mon Sep 17 00:00:00 2001
From: Rafael Falcao <rafael.vieirafalcao@windriver.com>
Date: Tue, 18 Apr 2023 15:28:09 -0300
Subject: [PATCH] Update user to execute commands in cinder related pods

The cinder-volume container needs to be able to run qemu-img
commands. The current user used to execute those commands
(keystone) does not have the permissions to do that.
We are updating the runAsUser parameter to execute all
cinder related containers as cinder user. Doing that the
user of the container will have the correct permissions
to perform its operations.

Signed-off-by: Rafael Falcao <rafael.vieirafalcao@windriver.com>
Change-Id: I9bffd45208ab2992e380b2226c8e99639bc3f514
---
 cinder/values.yaml | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/cinder/values.yaml b/cinder/values.yaml
index 249b4937..a3873676 100644
--- a/cinder/values.yaml
+++ b/cinder/values.yaml
@@ -79,14 +79,14 @@ pod:
   security_context:
     volume_usage_audit:
       pod:
-        runAsUser: 42424
+        runAsUser: 42425
       container:
         cinder_volume_usage_audit:
           readOnlyRootFilesystem: true
           allowPrivilegeEscalation: false
     cinder_api:
       pod:
-        runAsUser: 42424
+        runAsUser: 42425
       container:
         ceph_coordination_volume_perms:
           runAsUser: 0
@@ -96,7 +96,7 @@ pod:
           allowPrivilegeEscalation: false
     cinder_backup:
       pod:
-        runAsUser: 42424
+        runAsUser: 42425
       container:
         ceph_backup_keyring_placement:
           runAsUser: 0
@@ -118,7 +118,7 @@ pod:
           runAsUser: 0
     cinder_scheduler:
       pod:
-        runAsUser: 42424
+        runAsUser: 42425
       container:
         ceph_coordination_volume_perms:
           runAsUser: 0
@@ -128,7 +128,7 @@ pod:
           allowPrivilegeEscalation: false
     cinder_volume:
       pod:
-        runAsUser: 42424
+        runAsUser: 42425
       container:
         ceph_keyring_placement:
           runAsUser: 0
@@ -143,7 +143,7 @@ pod:
           readOnlyRootFilesystem: true
     storage_init:
       pod:
-        runAsUser: 42424
+        runAsUser: 42425
       container:
         ceph_keyring_placement:
           runAsUser: 0
@@ -153,14 +153,14 @@ pod:
           allowPrivilegeEscalation: false
     clean:
       pod:
-        runAsUser: 42424
+        runAsUser: 42425
       container:
         cinder_volume_rbd_secret_clean:
           readOnlyRootFilesystem: true
           allowPrivilegeEscalation: false
     create_internal_tenant:
       pod:
-        runAsUser: 42424
+        runAsUser: 42425
       container:
         create_internal_tenant:
           readOnlyRootFilesystem: true
-- 
2.25.1