AM: Run attestation manager as TC user (#195)

Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
Co-authored-by: pchandra <prakash1.chandra@intel.com>

Author: lsubash

helm/attestation-manager/templates/cleanup-job.yaml

@@ -14,12 +14,12 @@ spec:
       containers:
       - name: cleanup-am
         image: debian:bullseye-slim
-        command: ["sh", "-c", "rm -rf /tmp/attestation-manager/*"]
+        command: ["sh", "-c", "rm -rf /tmp/attestation-manager/flavor_update"]
         volumeMounts:
         - name: host-volume
           mountPath: /tmp/attestation-manager
       restartPolicy: Never
       volumes:
       - name: host-volume
         hostPath:
-          path: /tmp/attestation-manager
+          path: /tmp/

helm/attestation-manager/templates/deployment.yaml

@@ -113,7 +113,7 @@ spec:
             path: /etc/intel_edge_node/orch-ca-cert/orch-ca.crt
         - name: flavor-addition-check
           hostPath:
-            path: /tmp/attestation-manager/
+            path: /tmp/
             type: DirectoryOrCreate
         - name: cms-crt
           emptyDir: {}

helm/attestation-manager/values.yaml

@@ -43,9 +43,11 @@ podSecurityContext:
      drop:
      - ALL
   runAsUser: 503
+  runAsGroup: 500
 
 securityContext:
-    runAsUser: 0
+    runAsUser: 503
+    runAsGroup: 500
     capabilities:
      drop:
      - ALL