update manifests for kiali-operator read-only root filesystem support (
…#729)

* update manifests for kiali-operator read-only root filesystem support

* set readOnlyRootFilesystem to true

* add ANSIBLE_REMOTE_TEMP env var
eli-gc authored Nov 30, 2023
1 parent d2112e8 commit b2ebc82
Showing 3 changed files with 24 additions and 9 deletions.
Expand Up @@ -254,12 +254,13 @@ spec:
allowPrivilegeEscalation: false
privileged: false
runAsNonRoot: true
readOnlyRootFilesystem: true
capabilities:
drop:
- ALL
volumeMounts:
- mountPath: /tmp/ansible-operator/runner
name: runner
- mountPath: /tmp
name: tmp
env:
- name: WATCH_NAMESPACE
valueFrom:
Expand Down Expand Up @@ -295,6 +296,10 @@ spec:
value: "1"
- name: ANSIBLE_CONFIG
value: "/etc/ansible/ansible.cfg"
- name: ANSIBLE_LOCAL_TEMP
value: "/tmp/ansible/tmp"
- name: ANSIBLE_REMOTE_TEMP
value: "/tmp/ansible/tmp"
ports:
- name: http-metrics
containerPort: 8080
Expand All @@ -303,7 +308,7 @@ spec:
cpu: "10m"
memory: "64Mi"
volumes:
- name: runner
- name: tmp
emptyDir: {}
clusterPermissions:
- rules:
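Review bot: The `tmp` volume in the last hunk is declared as `emptyDir: {}` with no size bound, and it now backs all of `/tmp` rather than only `/tmp/ansible-operator/runner`; with `readOnlyRootFilesystem: true` it is the only writable mount visible in these hunks. An unbounded emptyDir lets a runaway or compromised operator process consume the node's ephemeral storage, which can lead to eviction of other pods on that node. Consider replacing `emptyDir: {}` with `emptyDir:` plus `sizeLimit: <SIZE_PLACEHOLDER>` (sized from observed runner artifact usage), and an `ephemeral-storage` limit if the resources block, only partly visible here, does not already set one. The same applies to the `volumes:` hunks of the other two manifests on this page.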
11 changes: 8 additions & 3 deletions manifests/kiali-ossm/manifests/kiali.clusterserviceversion.yaml
Expand Up @@ -264,12 +264,13 @@ spec:
allowPrivilegeEscalation: false
privileged: false
runAsNonRoot: true
readOnlyRootFilesystem: true
capabilities:
drop:
- ALL
volumeMounts:
- mountPath: /tmp/ansible-operator/runner
name: runner
- mountPath: /tmp
name: tmp
env:
- name: WATCH_NAMESPACE
valueFrom:
Expand Down Expand Up @@ -305,6 +306,10 @@ spec:
value: "1"
- name: ANSIBLE_CONFIG
value: "/etc/ansible/ansible.cfg"
- name: ANSIBLE_LOCAL_TEMP
value: "/tmp/ansible/tmp"
- name: ANSIBLE_REMOTE_TEMP
value: "/tmp/ansible/tmp"
- name: RELATED_IMAGE_kiali_default
value: "${KIALI_1_73}"
- name: RELATED_IMAGE_kiali_v1_73
Expand All @@ -325,7 +330,7 @@ spec:
cpu: "10m"
memory: "64Mi"
volumes:
- name: runner
- name: tmp
emptyDir: {}
clusterPermissions:
- rules:
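Review bot: The two new env entries `ANSIBLE_LOCAL_TEMP` and `ANSIBLE_REMOTE_TEMP` carry no comment explaining why they exist, and the manifest does not say that they depend on the `/tmp` mount added in the first hunk. Ansible's default temp directories live under `~/.ansible/tmp`, which is not writable once the root filesystem is read-only, so a later edit that narrows or renames the `/tmp` mount would break playbook runs with no hint in the file. I would add a comment above the pair such as `# root FS is read-only: keep Ansible temp dirs on the /tmp emptyDir mount`. Both variables point at the same directory `/tmp/ansible/tmp`; if that is intentional because the operator runs Ansible locally, the comment is a good place to say so. The matching env hunks in the other two manifests on this page would take the same comment.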
Expand Up @@ -205,12 +205,13 @@ spec:
allowPrivilegeEscalation: false
privileged: false
runAsNonRoot: true
readOnlyRootFilesystem: true
capabilities:
drop:
- ALL
volumeMounts:
- mountPath: /tmp/ansible-operator/runner
name: runner
- mountPath: /tmp
name: tmp
env:
- name: WATCH_NAMESPACE
valueFrom:
Expand Down Expand Up @@ -242,6 +243,10 @@ spec:
value: "1"
- name: ANSIBLE_CONFIG
value: "/etc/ansible/ansible.cfg"
- name: ANSIBLE_LOCAL_TEMP
value: "/tmp/ansible/tmp"
- name: ANSIBLE_REMOTE_TEMP
value: "/tmp/ansible/tmp"
ports:
- name: http-metrics
containerPort: 8080
Expand All @@ -250,7 +255,7 @@ spec:
cpu: "10m"
memory: "64Mi"
volumes:
- name: runner
- name: tmp
emptyDir: {}
clusterPermissions:
- rules:
