Run Kolla in initContainer

This change moves the kolla execution to an initContainer.
This allows us to run the initContainer as UID 0, while the application container
can run as a non root user.

Signed-off-by: Brendan Shephard <bshephar@redhat.com>

pkg/horizon/deployment.go

@@ -30,7 +30,7 @@ import (
 
 const (
 	// ServiceCommand is the command used to run Kolla and launch the initial Apache process
-	ServiceCommand           = "/usr/local/bin/kolla_start"
+	KollaServiceCommand      = "/usr/local/bin/kolla_start"
 	horizonDashboardURL      = "/dashboard/auth/login/?next=/dashboard/"
 	horizonContainerPortName = "horizon"
 )
@@ -47,8 +47,8 @@ func Deployment(
 
 	var runAsNonRoot bool = true
 	var runAsUserGroup int64 = 8443
-
-	args := []string{"-c", ServiceCommand}
+	var runApacheCommand = []string{"/usr/sbin/httpd"}
+	var runApacheArgs = []string{"-DFOREGROUND"}
 
 	containerPort := corev1.ContainerPort{
 		Name:          horizonContainerPortName,
@@ -57,7 +57,6 @@ func Deployment(
 	}
 
 	envVars := map[string]env.Setter{}
-	envVars["KOLLA_CONFIG_STRATEGY"] = env.SetValue("COPY_ALWAYS")
 	envVars["ENABLE_DESIGNATE"] = env.SetValue("yes")
 	envVars["ENABLE_HEAT"] = env.SetValue("yes")
 	envVars["ENABLE_IRONIC"] = env.SetValue("yes")
@@ -110,13 +109,13 @@ func Deployment(
 				},
 				Spec: corev1.PodSpec{
 					ServiceAccountName: instance.RbacResourceName(),
+					InitContainers:     horizonInitContainer(instance, volumeMounts),
 					Containers: []corev1.Container{
 						{
-							Name: ServiceName,
-							Command: []string{
-								"/bin/bash"},
-							Args:  args,
-							Image: instance.Spec.ContainerImage,
+							Name:    ServiceName,
+							Command: runApacheCommand,
+							Args:    runApacheArgs,
+							Image:   instance.Spec.ContainerImage,
 							SecurityContext: &corev1.SecurityContext{
 								RunAsUser:    &runAsUserGroup,
 								RunAsNonRoot: &runAsNonRoot,
@@ -204,3 +203,30 @@ func formatStartupProbe() *corev1.Probe {
 		},
 	}
 }
+
+func horizonInitContainer(instance *horizonv1.Horizon, volumeMounts []corev1.VolumeMount) []corev1.Container {
+
+	var kollaEnv = make(map[string]env.Setter)
+	var runAsUser int64 = 0
+
+	kollaEnv["KOLLA_CONFIG_STRATEGY"] = env.SetValue("COPY_ALWAYS")
+
+	return []corev1.Container{
+		{
+			Name:  "init",
+			Image: instance.Spec.ContainerImage,
+			SecurityContext: &corev1.SecurityContext{
+				RunAsUser: &runAsUser,
+			},
+			Command: []string{
+				"/bin/bash",
+			},
+			Args: []string{
+				"-c",
+				KollaServiceCommand,
+			},
+			Env:          env.MergeEnvs([]corev1.EnvVar{}, kollaEnv),
+			VolumeMounts: volumeMounts,
+		},
+	}
+}