diff --git a/image/Dockerfile b/image/Dockerfile index 7c6d3a3..9bb868b 100644 --- a/image/Dockerfile +++ b/image/Dockerfile @@ -14,7 +14,7 @@ COPY tools /opt/intly/tools RUN chown -R 1001:root /opt/intly RUN find /opt/intly/tools -type f -exec chmod +x {} \; && \ - mkdir /.kube && touch /.kube/config && chmod -R 777 /.kube + mkdir /.kube && touch /.kube/config && chmod -R 774 /.kube ENTRYPOINT ["/opt/intly/tools/entrypoint.sh"] diff --git a/templates/openshift/README.md b/templates/openshift/README.md index da12abd..1b1cbbd 100644 --- a/templates/openshift/README.md +++ b/templates/openshift/README.md @@ -55,6 +55,7 @@ BACKEND_SECRET_NAME Backend secret name to create environment variables fro ENCRYPTION_SECRET_NAME Encruption secret name to create environment variables from CRON_SCHEDULE Job schedule in Cron Format [Default is everyday at 2am] */1 * * * * IMAGE Backup docker image URL quay.io/integreatly/backup-container:master +SERVICEACCOUNT The service account used by the backup job. backupjob DEBUG Debug flag to sleep the job pod after its execution ``` @@ -85,5 +86,6 @@ COMPONENT_SECRET_NAME Component secret name to create environment variables f BACKEND_SECRET_NAME Backend secret name to create environment variables from ENCRYPTION_SECRET_NAME Encruption secret name to create environment variables from IMAGE Backup docker image URL quay.io/integreatly/backup-container:master +SERVICEACCOUNT The service account used by the backup job. backupjob DEBUG Debug flag to sleep the job pod after its execution -``` \ No newline at end of file +``` diff --git a/templates/openshift/backup-cronjob-template.yaml b/templates/openshift/backup-cronjob-template.yaml index 8b07ce8..7d6642c 100644 --- a/templates/openshift/backup-cronjob-template.yaml +++ b/templates/openshift/backup-cronjob-template.yaml @@ -20,7 +20,7 @@ objects: labels: cronjob-name: ${NAME} spec: - serviceAccountName: backupjob + serviceAccountName: "${SERVICEACCOUNT}" containers: - name: backup-cronjob image: "${IMAGE}" @@ -71,5 +71,8 @@ parameters: - name: IMAGE description: 'Backup docker image URL' value: 'quay.io/integreatly/backup-container:master' + - name: SERVICEACCOUNT + description: 'The service account used by the backup job' + value: backupjob - name: DEBUG description: "Debug flag to sleep the job pod after its execution" diff --git a/templates/openshift/backup-job-template.yaml b/templates/openshift/backup-job-template.yaml index 9da5698..4853bb9 100644 --- a/templates/openshift/backup-job-template.yaml +++ b/templates/openshift/backup-job-template.yaml @@ -19,7 +19,7 @@ objects: labels: job-name: ${NAME} spec: - serviceAccountName: backupjob + serviceAccountName: "${SERVICEACCOUNT}" containers: - name: backup-job image: "${IMAGE}" @@ -34,13 +34,6 @@ objects: - "${ENCRYPTION}" - "-d" - "${DEBUG}" - envFrom: - - secretRef: - name: "${COMPONENT_SECRET_NAME}" - - secretRef: - name: "${BACKEND_SECRET_NAME}" - - secretRef: - name: "${ENCRYPTION_SECRET_NAME}" restartPolicy: Never parameters: - name: NAME @@ -67,5 +60,8 @@ parameters: - name: IMAGE description: 'Backup docker image URL' value: 'quay.io/integreatly/backup-container:master' + - name: SERVICEACCOUNT + description: 'The service account used by the backup job' + value: backupjob - name: DEBUG description: "Debug flag to sleep the job pod after its execution"