krb5: fixes after moving to helm

diegodelemos · Jan 17, 2020 · 2688996 · 2688996
1 parent b764e31
commit 2688996
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 5 deletions.
diff --git a/krb5/Dockerfile b/krb5/Dockerfile
@@ -1,6 +1,6 @@
 FROM python:3.6-slim
 
-RUN apt-get update && \
-    export DEBIAN_FRONTEND=noninteractive; \
-    apt-get install -y vim-tiny krb5-user krb5-config libkrb5-dev \
+ENV DEBIAN_FRONTEND=noninteractive
+RUN apt-get update
+RUN apt-get install -y vim-tiny krb5-user krb5-config libkrb5-dev \
                        libauthen-krb5-perl --no-install-recommends;
diff --git a/reana_job_controller/config.py b/reana_job_controller/config.py
@@ -82,10 +82,10 @@
 should match `default_ccache_name` in krb5.conf.
 """
 
-KRB5_TOKEN_CACHE_FILENAME = 'krb5_{}'.format(WORKFLOW_RUNTIME_USER_UID)
+KRB5_TOKEN_CACHE_FILENAME = 'krb5_{}'
 """Name of the Kerberos token cache file."""
 
-KRB5_CONFIGMAP_NAME = 'krb5-conf'
+KRB5_CONFIGMAP_NAME = 'reana-krb5-conf'
 """Kerberos configMap name. Must be the same as in
 reana_cluster/backends/kubernetes/templates/configmaps/kerberos.yaml.
 """
diff --git a/reana_job_controller/kubernetes_job_manager.py b/reana_job_controller/kubernetes_job_manager.py
@@ -280,7 +280,11 @@ def _add_krb5_init_container(self, secrets_volume_mount):
             'name': current_app.config['KRB5_CONTAINER_NAME'],
             'imagePullPolicy': 'IfNotPresent',
             'volumeMounts': [secrets_volume_mount] + volume_mounts,
+            'security_context': client.V1PodSecurityContext(
+                run_as_group=WORKFLOW_RUNTIME_USER_GID,
+                run_as_user=self.kubernetes_uid)
         }
+
         self.job['spec']['template']['spec']['volumes'].extend(
             [ticket_cache_volume, krb5_config_volume])
         self.job['spec']['template']['spec']['containers'][0][
@@ -293,6 +297,7 @@ def _add_krb5_init_container(self, secrets_volume_mount):
                            'value': os.path.join(
                                current_app.config['KRB5_TOKEN_CACHE_LOCATION'],
                                current_app.config['KRB5_TOKEN_CACHE_FILENAME']
+                               .format(self.kubernetes_uid)
                            )})
         self.job['spec']['template']['spec']['initContainers'].append(
             krb5_container)