improve: change toolset pod as nonroot user (#1065)

Signed-off-by: ericsyh <[email protected]>
(cherry picked from commit f62ecba)

charts/sn-platform-slim/templates/toolset/_toolset.tpl

@@ -178,8 +178,13 @@ Define pulsarctl config volume mount
 - name: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}-pulsarctl"
   mountPath: "/home/pulsar/.config/pulsar/config"
   subPath: pulsarctl.config
+- name: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}-pulsarctl"
+  mountPath: "/root/.config/pulsar/config"
+  subPath: pulsarctl.config
+- name: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}-pulsarctl"
+  mountPath: "/.config/pulsar/config"
+  subPath: pulsarctl.config
 {{- end }}
-
 {{/*
 Define toolset pulsarctl config volumes
 */}}

charts/sn-platform-slim/values.yaml

@@ -1498,7 +1498,7 @@ toolset:
       -Xmx128M
       -XX:MaxDirectMemorySize=128M
   securityContext:
-    runAsUser: 0
+    runAsNonRoot: true
   serviceAccount:
     # Specifies whether to use a service account to run this component
     use: true

charts/sn-platform/templates/toolset/_toolset.tpl

@@ -226,6 +226,12 @@ Define pulsarctl config volume mount
 - name: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}-pulsarctl"
   mountPath: "/home/pulsar/.config/pulsar/config"
   subPath: pulsarctl.config
+- name: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}-pulsarctl"
+  mountPath: "/root/.config/pulsar/config"
+  subPath: pulsarctl.config
+- name: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}-pulsarctl"
+  mountPath: "/.config/pulsar/config"
+  subPath: pulsarctl.config
 {{- end }}
 
 {{/*

charts/sn-platform/values.yaml

@@ -1580,7 +1580,7 @@ toolset:
       -Xmx128M
       -XX:MaxDirectMemorySize=128M
   securityContext:
-    runAsUser: 0
+    runAsNonRoot: true
   serviceAccount:
     # Specifies whether to use a service account to run this component
     use: true