This is an automated email from the ASF dual-hosted git repository.
kichan pushed a commit to branch master
in repository
https://gitbox.apache.org/repos/asf/trafficserver-ingress-controller.git
The following commit(s) were added to refs/heads/master by this push:
new c2b8f62 Change to non-root user (#84)
c2b8f62 is described below
commit c2b8f6225f5f58e54cda6da0b6de7ccb188d9693
Author: Kit Chan <[email protected]>
AuthorDate: Tue May 25 15:04:19 2021 -0700
Change to non-root user (#84)
* Change to non-root user
* fixed Dockerfile error
* fix config files
* port changes for the tutorial
* fix library path for ats lua script
* fixed k8s deployment yaml
* Update tutorial documentation
* updated helm chart
---
Dockerfile | 76 +++++++++++++---------
bin/entry.sh | 19 +++---
bin/records-config.sh | 4 +-
bin/tls-config.sh | 2 +-
bin/tls-reload.sh | 2 +-
charts/ats-ingress/templates/deployment.yaml | 4 +-
charts/ats-ingress/values.yaml | 16 ++---
config/healthchecks.config | 2 +-
config/plugin.config | 4 +-
config/records.config | 4 +-
config/redis.conf | 2 +-
docs/TUTORIAL.md | 18 ++---
k8s/traffic-server/ats-deployment.yaml | 27 ++++----
pluginats/connect_redis.lua | 6 +-
redis/redis.go | 2 +-
.../data/setup/traffic-server/ats-deployment.yaml | 2 +-
16 files changed, 100 insertions(+), 90 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 01c1708..2acc454 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -20,7 +20,7 @@ FROM alpine:3.12.7 as builder
RUN apk add --no-cache --virtual .tools \
bzip2 curl git automake libtool autoconf make sed file perl openrc openssl
-# ATS
+# ATS dependencies
RUN apk add --no-cache --virtual .ats-build-deps \
build-base openssl-dev tcl-dev pcre-dev zlib-dev \
libexecinfo-dev linux-headers libunwind-dev \
@@ -28,23 +28,28 @@ RUN apk add --no-cache --virtual .ats-build-deps \
RUN apk add --no-cache --virtual .ats-extra-build-deps --repository
https://dl-cdn.alpinelinux.org/alpine/edge/community hwloc-dev
+RUN addgroup -Sg 1000 ats
+
+RUN adduser -S -D -H -u 1000 -h /tmp -s /sbin/nologin -G ats -g ats ats
+
+# download and build ATS
RUN curl -L
https://downloads.apache.org/trafficserver/trafficserver-9.0.0.tar.bz2 | bzip2
-dc | tar xf - \
&& cd trafficserver-9.0.0/ \
&& autoreconf -if \
- && ./configure --enable-debug=yes \
+ && ./configure --enable-debug=yes --prefix=/opt/ats --with-user=ats \
&& make \
&& make install
-COPY ["./config/plugin.config", "/usr/local/etc/trafficserver/plugin.config"]
-COPY ["./config/healthchecks.config",
"/usr/local/etc/trafficserver/healthchecks.config"]
-COPY ["./config/records.config", "/usr/local/etc/trafficserver/records.config"]
-COPY ["./config/logging.yaml", "/usr/local/etc/trafficserver/logging.yaml"]
+COPY ["./config/plugin.config", "/opt/ats/etc/trafficserver/plugin.config"]
+COPY ["./config/healthchecks.config",
"/opt/ats/etc/trafficserver/healthchecks.config"]
+COPY ["./config/records.config", "/opt/ats/etc/trafficserver/records.config"]
+COPY ["./config/logging.yaml", "/opt/ats/etc/trafficserver/logging.yaml"]
# enable traffic.out for alpine/gentoo
-RUN sed -i "s/TM_DAEMON_ARGS=\"\"/TM_DAEMON_ARGS=\" --bind_stdout
\/usr\/local\/var\/log\/trafficserver\/traffic.out --bind_stderr
\/usr\/local\/var\/log\/trafficserver\/traffic.out \"/"
/usr/local/bin/trafficserver
-RUN sed -i "s/TS_DAEMON_ARGS=\"\"/TS_DAEMON_ARGS=\" --bind_stdout
\/usr\/local\/var\/log\/trafficserver\/traffic.out --bind_stderr
\/usr\/local\/var\/log\/trafficserver\/traffic.out \"/"
/usr/local/bin/trafficserver
+RUN sed -i "s/TM_DAEMON_ARGS=\"\"/TM_DAEMON_ARGS=\" --bind_stdout
\/opt\/ats\/var\/log\/trafficserver\/traffic.out --bind_stderr
\/opt\/ats\/var\/log\/trafficserver\/traffic.out \"/" /opt/ats/bin/trafficserver
+RUN sed -i "s/TS_DAEMON_ARGS=\"\"/TS_DAEMON_ARGS=\" --bind_stdout
\/opt\/ats\/var\/log\/trafficserver\/traffic.out --bind_stderr
\/opt\/ats\/var\/log\/trafficserver\/traffic.out \"/" /opt/ats/bin/trafficserver
-# Installing lua 5.1.4
+# Installing lua 5.1.4 and provide header files to compile luasocket
RUN curl -R -O http://www.lua.org/ftp/lua-5.1.4.tar.gz \
&& tar zxf lua-5.1.4.tar.gz \
&& cd lua-5.1.4 \
@@ -58,12 +63,12 @@ RUN wget
https://github.com/diegonehab/luasocket/archive/v3.0-rc1.tar.gz \
&& sed -i "s/LDFLAGS_linux=-O -shared -fpic -o/LDFLAGS_linux=-O -shared
-fpic -L\/usr\/lib -lluajit-5.1 -o/" src/makefile \
&& ln -sf /usr/lib/libluajit-5.1.so.2.1.0 /usr/lib/libluajit-5.1.so \
&& make \
- && make install-unix
+ && make install-unix prefix=/opt/ats
# redis.lua
RUN wget https://github.com/nrk/redis-lua/archive/v2.0.4.tar.gz \
&& tar zxf v2.0.4.tar.gz \
- && cp redis-lua-2.0.4/src/redis.lua /usr/local/share/lua/5.1/redis.lua
+ && cp redis-lua-2.0.4/src/redis.lua /opt/ats/share/lua/5.1/redis.lua
# ingress-ats
RUN apk add --no-cache --virtual .ingress-build-deps \
@@ -71,12 +76,12 @@ RUN apk add --no-cache --virtual .ingress-build-deps \
# Installing Golang
https://github.com/CentOS/CentOS-Dockerfiles/blob/master/golang/centos7/Dockerfile
RUN wget https://dl.google.com/go/go1.15.11.src.tar.gz \
- && tar -C /usr/local -xzf go1.15.11.src.tar.gz && cd /usr/local/go/src/ &&
./make.bash
-ENV PATH=${PATH}:/usr/local/go/bin
-ENV GOPATH="/usr/local/go/bin"
+ && tar -C /opt/ats -xzf go1.15.11.src.tar.gz && cd /opt/ats/go/src/ &&
./make.bash
+ENV PATH=${PATH}:/opt/ats/go/bin
+ENV GOPATH="/opt/ats/go/bin"
# ----------------------- Copy over Project Code to Go path
------------------------
-RUN mkdir -p /usr/local/go/bin/src/ingress-ats
+RUN mkdir -p /opt/ats/go/bin/src/ingress-ats
COPY ["./main/", "$GOPATH/src/ingress-ats/main"]
COPY ["./proxy/", "$GOPATH/src/ingress-ats/proxy"]
@@ -89,27 +94,33 @@ COPY ["./redis/", "$GOPATH/src/ingress-ats/redis"]
COPY ["./go.mod", "$GOPATH/src/ingress-ats/go.mod"]
# Building Project Main
-WORKDIR /usr/local/go/bin/src/ingress-ats
+WORKDIR /opt/ats/go/bin/src/ingress-ats
ENV GO111MODULE=on
RUN go build -o ingress_ats main/main.go
# redis conf
-COPY ["./config/redis.conf", "/usr/local/etc/redis.conf"]
+COPY ["./config/redis.conf", "/opt/ats/etc/redis.conf"]
# entry.sh + other scripts
-COPY ["./bin/tls-config.sh", "/usr/local/bin/tls-config.sh"]
-COPY ["./bin/tls-reload.sh", "/usr/local/bin/tls-reload.sh"]
-COPY ["./bin/records-config.sh", "/usr/local/bin/records-config.sh"]
-COPY ["./bin/entry.sh", "/usr/local/bin/entry.sh"]
-WORKDIR /usr/local/bin/
+COPY ["./bin/tls-config.sh", "/opt/ats/bin/tls-config.sh"]
+COPY ["./bin/tls-reload.sh", "/opt/ats/bin/tls-reload.sh"]
+COPY ["./bin/records-config.sh", "/opt/ats/bin/records-config.sh"]
+COPY ["./bin/entry.sh", "/opt/ats/bin/entry.sh"]
+WORKDIR /opt/ats/bin/
RUN chmod 755 tls-config.sh
RUN chmod 755 tls-reload.sh
RUN chmod 755 records-config.sh
RUN chmod 755 entry.sh
-FROM alpine:3.12.7
+# redis
+RUN mkdir -p /opt/ats/var/run/redis/ \
+ && touch /opt/ats/var/run/redis/redis.sock \
+ && mkdir -p /opt/ats/var/log/redis
-COPY --from=builder /usr/local /usr/local
+# set up ingress log location
+RUN mkdir -p /opt/ats/var/log/ingress/
+
+FROM alpine:3.12.7
# essential library
RUN apk add --no-cache -U \
@@ -134,15 +145,16 @@ RUN apk add --no-cache -U \
RUN apk add --no-cache -U --repository
https://dl-cdn.alpinelinux.org/alpine/edge/community hwloc
-# redis
-RUN mkdir -p /var/run/redis/ \
- && touch /var/run/redis/redis.sock \
- && mkdir -p /var/log/redis
-
# symlink for luajit
RUN ln -sf /usr/lib/libluajit-5.1.so.2.1.0 /usr/lib/libluajit-5.1.so
-# set up ingress log location
-RUN mkdir -p /usr/local/var/log/ingress/
+# create ats user/group
+RUN addgroup -Sg 1000 ats
+
+RUN adduser -S -D -H -u 1000 -h /tmp -s /sbin/nologin -G ats -g ats ats
+
+COPY --from=builder --chown=ats:ats /opt/ats /opt/ats
+
+USER ats
-ENTRYPOINT ["/usr/local/bin/entry.sh"]
+ENTRYPOINT ["/opt/ats/bin/entry.sh"]
diff --git a/bin/entry.sh b/bin/entry.sh
index dc7ac9f..3641b80 100755
--- a/bin/entry.sh
+++ b/bin/entry.sh
@@ -19,31 +19,30 @@
set +x
# TLS auto reload script
-/usr/local/bin/tls-reload.sh >> /usr/local/var/log/ingress/ingress_ats.err &
+#/opt/ats/bin/tls-reload.sh >> /opt/ats/var/log/ingress/ingress_ats.err &
# generate TLS cert config file for ats
-/usr/local/bin/tls-config.sh
+/opt/ats/bin/tls-config.sh
# append specific environment variables to records.config
-/usr/local/bin/records-config.sh
+/opt/ats/bin/records-config.sh
# append extra plugins to plugin.config
if [ ! -f "${EXTRA_PLUGIN_FNAME}" ]; then
- cat $EXTRA_PLUGIN_FNAME >> /usr/local/etc/trafficserver/plugin.config
+ cat $EXTRA_PLUGIN_FNAME >> /opt/ats/etc/trafficserver/plugin.config
fi
# start redis
-redis-server /usr/local/etc/redis.conf
+redis-server /opt/ats/etc/redis.conf
# create health check file and start ats
-touch /var/run/ts-alive
-chown -R nobody:nobody /usr/local/etc/trafficserver
-DISTRIB_ID=gentoo /usr/local/bin/trafficserver start
+touch /opt/ats/var/run/ts-alive
+# chown -R nobody:nobody /opt/ats/etc/trafficserver
+DISTRIB_ID=gentoo /opt/ats/bin/trafficserver start
if [ -z "${INGRESS_NS}" ]; then
INGRESS_NS="all"
fi
-sleep 20
-/usr/local/go/bin/src/ingress-ats/ingress_ats
-atsIngressClass="$INGRESS_CLASS" -atsNamespace="$POD_NAMESPACE"
-namespaces="$INGRESS_NS" -ignoreNamespaces="$INGRESS_IGNORE_NS"
-useInClusterConfig=T 2>>/usr/local/var/log/ingress/ingress_ats.err
+/opt/ats/go/bin/src/ingress-ats/ingress_ats -atsIngressClass="$INGRESS_CLASS"
-atsNamespace="$POD_NAMESPACE" -namespaces="$INGRESS_NS"
-ignoreNamespaces="$INGRESS_IGNORE_NS" -useInClusterConfig=T
2>>/opt/ats/var/log/ingress/ingress_ats.err
diff --git a/bin/records-config.sh b/bin/records-config.sh
index fd2823b..a8a58dd 100755
--- a/bin/records-config.sh
+++ b/bin/records-config.sh
@@ -19,9 +19,9 @@
set +x
if [ ! -z "${LOG_CONFIG_FNAME}" ]; then
- echo "CONFIG proxy.config.log.config.filename STRING
${LOG_CONFIG_FNAME}" >> /usr/local/etc/trafficserver/records.config
+ echo "CONFIG proxy.config.log.config.filename STRING
${LOG_CONFIG_FNAME}" >> /opt/ats/etc/trafficserver/records.config
fi
if [ ! -z "${SSL_SERVERNAME_FNAME}" ]; then
- echo "CONFIG proxy.config.ssl.servername.filename STRING
${SSL_SERVERNAME_FNAME}" >> /usr/local/etc/trafficserver/records.config
+ echo "CONFIG proxy.config.ssl.servername.filename STRING
${SSL_SERVERNAME_FNAME}" >> /opt/ats/etc/trafficserver/records.config
fi
diff --git a/bin/tls-config.sh b/bin/tls-config.sh
index dd0dc99..4dd02e6 100755
--- a/bin/tls-config.sh
+++ b/bin/tls-config.sh
@@ -37,4 +37,4 @@ if [ ! -f "${tlskey}" ]; then
exit 1
fi
-echo "dest_ip=* ssl_cert_name=${tlscrt} ssl_key_name=${tlskey}" >
/usr/local/etc/trafficserver/ssl_multicert.config
+echo "dest_ip=* ssl_cert_name=${tlscrt} ssl_key_name=${tlskey}" >
/opt/ats/etc/trafficserver/ssl_multicert.config
diff --git a/bin/tls-reload.sh b/bin/tls-reload.sh
index f7efb89..57b2452 100755
--- a/bin/tls-reload.sh
+++ b/bin/tls-reload.sh
@@ -41,7 +41,7 @@ inotifywait -e modify,move,create,delete -mr --timefmt
'%d/%m/%y %H:%M' --format
if [ "$newcksum" != "$oldcksum" ]; then
echo "At ${time} on ${date}, tls cert/key files update
detected."
oldcksum=$newcksum
- touch /usr/local/etc/trafficserver/ssl_multicert.config
+ touch /opt/ats/etc/trafficserver/ssl_multicert.config
traffic_ctl config reload
fi
done
diff --git a/charts/ats-ingress/templates/deployment.yaml
b/charts/ats-ingress/templates/deployment.yaml
index b249ad8..fef27be 100644
--- a/charts/ats-ingress/templates/deployment.yaml
+++ b/charts/ats-ingress/templates/deployment.yaml
@@ -115,10 +115,10 @@ spec:
value: {{ .value }}
{{- end }}
ports:
- - containerPort: 80
+ - containerPort: 8080
name: http
protocol: TCP
- - containerPort: 443
+ - containerPort: 8443
name: https
protocol: TCP
resources:
diff --git a/charts/ats-ingress/values.yaml b/charts/ats-ingress/values.yaml
index 4f68208..6ac2a07 100644
--- a/charts/ats-ingress/values.yaml
+++ b/charts/ats-ingress/values.yaml
@@ -85,13 +85,13 @@ controller:
labels: {}
http:
- port: 80
- targetPort: 80
- nodePort: 30000
+ port: 8080
+ targetPort: 8080
+ nodePort: 30080
https:
- port: 443
- targetPort: 443
- nodePort: 30043
+ port: 8443
+ targetPort: 8443
+ nodePort: 30443
# clusterIP: ""
@@ -121,9 +121,9 @@ controller:
## log location for ATS and controller program
log:
trafficserver:
- dir: /usr/local/var/log/trafficserver
+ dir: /opt/ats/var/log/trafficserver
ingress:
- dir: /usr/local/var/log/ingress
+ dir: /opt/ats/var/log/ingress
## Additional labels to add to the deployment or daemonset metadata
## ref:
https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
diff --git a/config/healthchecks.config b/config/healthchecks.config
index 96617cc..eb0dd53 100644
--- a/config/healthchecks.config
+++ b/config/healthchecks.config
@@ -1 +1 @@
-/status.html /var/run/ts-alive text/plain 200 404
+/status.html /opt/ats/var/run/ts-alive text/plain 200 404
diff --git a/config/plugin.config b/config/plugin.config
index 9fda2cf..a79f813 100644
--- a/config/plugin.config
+++ b/config/plugin.config
@@ -14,6 +14,6 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-healthchecks.so /usr/local/etc/trafficserver/healthchecks.config
-tslua.so /usr/local/go/bin/src/ingress-ats/pluginats/connect_redis.lua
+healthchecks.so /opt/ats/etc/trafficserver/healthchecks.config
+tslua.so /opt/ats/go/bin/src/ingress-ats/pluginats/connect_redis.lua
stats_over_http.so
diff --git a/config/records.config b/config/records.config
index aa2ed44..94d2279 100644
--- a/config/records.config
+++ b/config/records.config
@@ -36,7 +36,7 @@ CONFIG proxy.config.exec_thread.affinity INT 1
# Specify server addresses and ports to bind for HTTP and HTTPS. Docs:
#
https://docs.trafficserver.apache.org/records.config#proxy.config.http.server_ports
##############################################################################
-CONFIG proxy.config.http.server_ports STRING 80 443:ssl 80:ipv6 443:ssl:ipv6
+CONFIG proxy.config.http.server_ports STRING 8080 8443:ssl 8080:ipv6
8443:ssl:ipv6
##############################################################################
# Via: headers. Docs:
@@ -195,6 +195,6 @@ CONFIG proxy.config.http.slow.log.threshold INT 0
##############################################################################
# Additional Logging and debugging for now
##############################################################################
-CONFIG proxy.config.log.logfile_dir STRING /usr/local/var/log/trafficserver/
+CONFIG proxy.config.log.logfile_dir STRING /opt/ats/var/log/trafficserver/
diff --git a/config/redis.conf b/config/redis.conf
index 7cca60d..cc4595c 100644
--- a/config/redis.conf
+++ b/config/redis.conf
@@ -15,6 +15,6 @@
# limitations under the License.
port 0
-unixsocket /var/run/redis/redis.sock
+unixsocket /opt/ats/var/run/redis/redis.sock
unixsocketperm 777
daemonize yes
diff --git a/docs/TUTORIAL.md b/docs/TUTORIAL.md
index 2b54efd..8fb4af8 100644
--- a/docs/TUTORIAL.md
+++ b/docs/TUTORIAL.md
@@ -99,16 +99,16 @@ The following steps can be executed in any order
ATS proxying should have started to work. To see proxy in action, we can use
[curl](https://linux.die.net/man/1/curl):
-1. `$ curl -vH "HOST:test.media.com" "$(minikube ip):30000/app1"`
-2. `$ curl -vH "HOST:test.media.com" "$(minikube ip):30000/app2"`
-3. `$ curl -vH "HOST:test.edge.com" "$(minikube ip):30000/app1"`
-4. `$ curl -vH "HOST:test.edge.com" "$(minikube ip):30000/app2"`
-5. `$ curl -vH "HOST:test.edge.com" -k "https://$(minikube ip):30043/app2"`
+1. `$ curl -vH "HOST:test.media.com" "$(minikube ip):30080/app1"`
+2. `$ curl -vH "HOST:test.media.com" "$(minikube ip):30080/app2"`
+3. `$ curl -vH "HOST:test.edge.com" "$(minikube ip):30080/app1"`
+4. `$ curl -vH "HOST:test.edge.com" "$(minikube ip):30080/app2"`
+5. `$ curl -vH "HOST:test.edge.com" -k "https://$(minikube ip):30443/app2"`
You may have problem with minikube using docker driver as localhost (i.e.
127.0.0.1) will be used as the cluster ip. So you will need to forward the
traffic designated for the port to the ports of the ATS pods inside the cluster
before the above curl commands will work. Each command below needs to be run in
separate terminal.
-- `$ kubectl port-forward <pod name> 30043:443 -n trafficserver-test`
-- `$ kubectl port-forward <pod name> 30000:80 -n trafficserver-test`
+- `$ kubectl port-forward <pod name> 30443:443 -n trafficserver-test`
+- `$ kubectl port-forward <pod name> 30080:80 -n trafficserver-test`
#### ConfigMap
@@ -145,9 +145,9 @@ You can specify extra plugins for
[plugin.config](https://docs.trafficserver.apa
#### Fluentd
-This project ships with [Fluentd](https://docs.fluentd.org/) already
integrated with the Apache Traffic Server. The configuration file used for the
same can be found [here](../k8s/configmaps/fluentd-configmap.yaml)
+The above tutorial is already integrated with
[Fluentd](https://docs.fluentd.org/). The configuration file used for the same
can be found [here](../k8s/configmaps/fluentd-configmap.yaml)
-As can be seen from the default configuration file, Fluentd reads the Apache
Traffic Server access logs located at
`/usr/local/var/log/trafficserver/squid.log` and outputs them to `stdout`. The
ouput plugin for Fluentd can be changed to send the logs to any desired
location supported by Fluentd including Elasticsearch, Kafka, MongoDB etc. You
can read more about output plugins [here](https://docs.fluentd.org/output).
+As can be seen from the default configuration file, Fluentd reads the Apache
Traffic Server access logs located at
`/opt/ats/var/log/trafficserver/squid.log` and outputs them to `stdout`. The
ouput plugin for Fluentd can be changed to send the logs to any desired
location supported by Fluentd including Elasticsearch, Kafka, MongoDB etc. You
can read more about output plugins [here](https://docs.fluentd.org/output).
#### Prometheus and Grafana
diff --git a/k8s/traffic-server/ats-deployment.yaml
b/k8s/traffic-server/ats-deployment.yaml
index 3e2b632..9f12438 100644
--- a/k8s/traffic-server/ats-deployment.yaml
+++ b/k8s/traffic-server/ats-deployment.yaml
@@ -53,9 +53,9 @@ spec:
name: ats-ssl
readOnly: true
- name: log-trafficserver
- mountPath: "/usr/local/var/log/trafficserver"
+ mountPath: "/opt/ats/var/log/trafficserver"
- name: log-ingress
- mountPath: "/usr/local/var/log/ingress"
+ mountPath: "/opt/ats/var/log/ingress"
imagePullPolicy: IfNotPresent
env:
- name: POD_NAME
@@ -70,18 +70,16 @@ spec:
# - name: INGRESS_CLASS
# value: "ats"
# - name: LOG_CONFIG_FNAME
-# value: "/usr/local/etc/trafficserver/logging.yaml"
+# value: "/opt/ats/etc/trafficserver/logging.yaml"
# - name: SSL_SERVERNAME_FNAME
-# value: "/usr/local/etc/trafficserver/ssl_server_name.yaml"
+# value: "/opt/ats/etc/trafficserver/ssl_server_name.yaml"
- name: POD_TLS_PATH
value: "/etc/ats/ssl"
ports:
- - containerPort: 80
- hostPort: 80
+ - containerPort: 8080
name: http
protocol: TCP
- - containerPort: 443
- hostPort: 443
+ - containerPort: 8443
name: https
protocol: TCP
- name: log-collector
@@ -96,6 +94,7 @@ spec:
- name: trafficserver-exporter
image: ats-ingress-exporter:latest
imagePullPolicy: IfNotPresent
+ args: ["--endpoint=http://127.0.0.1:8080/_stats";]
ports:
- containerPort: 9122
volumes:
@@ -121,14 +120,14 @@ spec:
type: NodePort
ports:
- name: http
- port: 80
+ port: 8080
protocol: TCP
- targetPort: 80
- nodePort: 30000
+ targetPort: 8080
+ nodePort: 30080
- name: https
- port: 443
+ port: 8443
protocol: TCP
- targetPort: 443
- nodePort: 30043
+ targetPort: 8443
+ nodePort: 30443
selector:
app: trafficserver-test
diff --git a/pluginats/connect_redis.lua b/pluginats/connect_redis.lua
index 4a71426..da90994 100644
--- a/pluginats/connect_redis.lua
+++ b/pluginats/connect_redis.lua
@@ -14,13 +14,13 @@
-- See the License for the specific language governing permissions and
-- limitations under the License.
-ts.add_package_cpath('/usr/local/lib/lua/5.1/socket/?.so;/usr/local/lib/lua/5.1/mime/?.so')
-ts.add_package_path('/usr/local/share/lua/5.1/?.lua;/usr/local/share/lua/5.1/socket/?.lua')
+ts.add_package_cpath('/opt/ats/lib/lua/5.1/?.so;/opt/ats/lib/lua/5.1/socket/?.so;/opt/ats/lib/lua/5.1/mime/?.so')
+ts.add_package_path('/opt/ats/share/lua/5.1/?.lua;/opt/ats/share/lua/5.1/socket/?.lua')
local redis = require 'redis'
-- connecting to unix domain socket
-local client = redis.connect('unix:///var/run/redis/redis.sock')
+local client = redis.connect('unix:///opt/ats/var/run/redis/redis.sock')
-- helper function to split a string
function ipport_split(s, delimiter)
diff --git a/redis/redis.go b/redis/redis.go
index be37067..11a7647 100644
--- a/redis/redis.go
+++ b/redis/redis.go
@@ -30,7 +30,7 @@ type Client struct {
}
const (
- redisSocketAddr string = "/var/run/redis/redis.sock"
+ redisSocketAddr string = "/opt/ats/var/run/redis/redis.sock"
// RSUCCESS is the success code returned by a Redis op
RSUCCESS int64 = 1
// RFAIL is the failure code returned by a Redis op
diff --git a/tests/data/setup/traffic-server/ats-deployment.yaml
b/tests/data/setup/traffic-server/ats-deployment.yaml
index f4b29fb..d432c4a 100644
--- a/tests/data/setup/traffic-server/ats-deployment.yaml
+++ b/tests/data/setup/traffic-server/ats-deployment.yaml
@@ -52,7 +52,7 @@ spec:
name: ats-ssl
readOnly: true
- name: varlog
- mountPath: /usr/local/var/log/trafficserver
+ mountPath: /opt/ats/var/log/trafficserver
imagePullPolicy: IfNotPresent
env:
- name: POD_NAME
