add pod to initialize ditto logs directory on host vm;

extend securityContext with user and group;

Signed-off-by: Stefan Maute <stefan.maute@bosch.io>

deployment/kubernetes/README.md

@@ -75,6 +75,13 @@ In order to use the kubernetes secret replace the variable "MONGO_DB_HOSTNAME" w
 Ditto uses the `latest` tag for its images. If you want to use a different version replace the `latest` tag in
 `deployment/kubernetes/deploymentFiles/ditto/ditto-cluster.yml` with the version you want to use.
 
+If DITTO_LOGGING_FILE_APPENDER is set to 'true' then the following step have to be done.
+In order to be able to access ditto log files run the following command to initialize the hostPath.
+```bash
+kubectl apply -f deployment/kubernetes/deploymentFiles/ditto/ditto-log-files.yaml
+```
+
+Start Ditto with the predefined version or another of choice.
 ```bash
 kubectl apply -f deployment/kubernetes/deploymentFiles/ditto/
 # Start ditto services with an alternative version e.g. 0-SNAPSHOT

deployment/kubernetes/deploymentFiles/ditto/ditto-cluster.yaml

@@ -23,8 +23,9 @@ spec:
         actorSystemName: ditto-cluster
     spec:
       securityContext:
+        runAsUser: 1000
+        runAsGroup: 1000
         fsGroup: 1000
-      restartPolicy: Always
       containers:
       - name: concierge
         image: docker.io/eclipse/ditto-concierge:latest
@@ -124,8 +125,9 @@ spec:
         actorSystemName: ditto-cluster
     spec:
       securityContext:
+        runAsUser: 1000
+        runAsGroup: 1000
         fsGroup: 1000
-      restartPolicy: Always
       containers:
       - name: connectivity
         image: docker.io/eclipse/ditto-connectivity:latest
@@ -225,8 +227,9 @@ spec:
         actorSystemName: ditto-cluster
     spec:
       securityContext:
+        runAsUser: 1000
+        runAsGroup: 1000
         fsGroup: 1000
-      restartPolicy: Always
       containers:
       - name: things
         image: docker.io/eclipse/ditto-things:latest
@@ -326,8 +329,9 @@ spec:
         actorSystemName: ditto-cluster
     spec:
       securityContext:
+        runAsUser: 1000
+        runAsGroup: 1000
         fsGroup: 1000
-      restartPolicy: Always
       containers:
       - name: things-search
         image: docker.io/eclipse/ditto-things-search:latest
@@ -427,8 +431,9 @@ spec:
         actorSystemName: ditto-cluster
     spec:
       securityContext:
+        runAsUser: 1000
+        runAsGroup: 1000
         fsGroup: 1000
-      restartPolicy: Always
       containers:
       - name: policies
         image: docker.io/eclipse/ditto-policies:latest
@@ -527,8 +532,9 @@ spec:
         actorSystemName: ditto-cluster
     spec:
       securityContext:
+        runAsUser: 1000
+        runAsGroup: 1000
         fsGroup: 1000
-      restartPolicy: Always
       containers:
       - name: gateway
         image: docker.io/eclipse/ditto-gateway:latest

deployment/kubernetes/deploymentFiles/ditto/ditto-log-files.yaml

@@ -0,0 +1,22 @@
+---
+
+apiVersion: v1
+kind: Pod
+metadata:
+  name: ditto-logs-initiator
+  labels:
+    name: ditto-logs-initiator
+spec:
+  volumes:
+    - name: ditto-logs-directory
+      hostPath:
+        path: /var/log/ditto
+        type: DirectoryOrCreate
+  restartPolicy: OnFailure
+  containers:
+    - name: change-volume-owner
+      image: busybox
+      command: [ "sh", "-c", "chown -R 1000:1000 /var/log/ditto && echo 'changed ownership of /var/log/ditto to 1000:1000'" ]
+      volumeMounts:
+        - name: ditto-logs-directory
+          mountPath: /var/log/ditto