update

Signed-off-by: lili <lli@streamnative.io>

Author: urfreespace

charts/sn-platform/templates/toolset/_toolset.tpl

@@ -58,6 +58,7 @@ Define toolset token volumes
 - name: client-token
   secret:
     secretName: "{{ .Release.Name }}-token-{{ .Values.auth.superUsers.client }}"
+    defaultMode: 0400
     items:
       - key: TOKEN
         path: client/token
@@ -99,6 +100,7 @@ Define toolset tls certs volumes
 - name: toolset-certs
   secret:
     secretName: "{{ template "pulsar.toolset.tls.secret.name" . }}"
+    defaultMode: 0400
     items:
     - key: tls.crt
       path: tls.crt
@@ -107,6 +109,7 @@ Define toolset tls certs volumes
 - name: ca
   secret:
     secretName: "{{ template "pulsar.tls.ca.secret.name" . }}"
+    defaultMode: 0400
     items:
     - key: ca.crt
       path: ca.crt
@@ -123,11 +126,13 @@ Define toolset tls certs volumes
   secret:
   {{- if and .Values.certs.public_issuer.enabled (eq .Values.certs.public_issuer.type "acme") }}
     secretName: {{ .Values.certs.lets_encrypt.ca_ref.secretName }}
+    defaultMode: 0400
     items:
       - key: {{ .Values.certs.lets_encrypt.ca_ref.keyName }}
         path: ca.crt
   {{- else }}
     secretName: "{{ template "pulsar.tls.ca.secret.name" . }}"
+    defaultMode: 0400
     items:
       - key: ca.crt
         path: ca.crt

charts/sn-platform/templates/toolset/toolset-statefulset.yaml

@@ -118,6 +118,26 @@ spec:
           bin/apply-config-from-env.py conf/bookkeeper.conf;
           {{- include "pulsar.toolset.zookeeper.tls.settings" . | nindent 10 }}
           sleep 10000000000
+        livenessProbe:
+          exec:
+            command:
+            - sh
+            - -c
+            - "ps aux | grep -v grep | grep sleep"
+          initialDelaySeconds: 10
+          periodSeconds: 30
+          timeoutSeconds: 5
+          failureThreshold: 3
+        readinessProbe:
+          exec:
+            command:
+            - sh
+            - -c
+            - "ps aux | grep -v grep | grep sleep"
+          initialDelaySeconds: 5
+          periodSeconds: 10
+          timeoutSeconds: 5
+          failureThreshold: 3
         envFrom:
         - configMapRef:
             name: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}"
@@ -162,6 +182,26 @@ spec:
           {{- include "pulsar.toolset.zookeeper.tls.settings" . | nindent 10 }}
           {{- include "pulsar.toolset.kafka.settings" . | nindent 10 }}
           sleep 10000000000
+        livenessProbe:
+          exec:
+            command:
+            - sh
+            - -c
+            - "ps aux | grep -v grep | grep sleep"
+          initialDelaySeconds: 10
+          periodSeconds: 30
+          timeoutSeconds: 5
+          failureThreshold: 3
+        readinessProbe:
+          exec:
+            command:
+            - sh
+            - -c
+            - "ps aux | grep -v grep | grep sleep"
+          initialDelaySeconds: 5
+          periodSeconds: 10
+          timeoutSeconds: 5
+          failureThreshold: 3
         envFrom:
         - configMapRef:
             name: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}"

charts/sn-platform/values.yaml

@@ -1812,6 +1812,9 @@ toolset:
       -XX:MaxDirectMemorySize=128M
   securityContext:
     runAsNonRoot: true
+    runAsUser: 10000
+    runAsGroup: 10000
+    fsGroup: 10000
   serviceAccount:
     # Specifies whether to use a service account to run this component
     use: true