diff --git a/manifests/kiali-community/1.78.0/manifests/kiali.v1.78.0.clusterserviceversion.yaml b/manifests/kiali-community/1.78.0/manifests/kiali.v1.78.0.clusterserviceversion.yaml index adda6b58..04087195 100644 --- a/manifests/kiali-community/1.78.0/manifests/kiali.v1.78.0.clusterserviceversion.yaml +++ b/manifests/kiali-community/1.78.0/manifests/kiali.v1.78.0.clusterserviceversion.yaml @@ -254,12 +254,13 @@ spec: allowPrivilegeEscalation: false privileged: false runAsNonRoot: true + readOnlyRootFilesystem: true capabilities: drop: - ALL volumeMounts: - - mountPath: /tmp/ansible-operator/runner - name: runner + - mountPath: /tmp + name: tmp env: - name: WATCH_NAMESPACE valueFrom: @@ -295,6 +296,10 @@ spec: value: "1" - name: ANSIBLE_CONFIG value: "/etc/ansible/ansible.cfg" + - name: ANSIBLE_LOCAL_TEMP + value: "/tmp/ansible/tmp" + - name: ANSIBLE_REMOTE_TEMP + value: "/tmp/ansible/tmp" ports: - name: http-metrics containerPort: 8080 @@ -303,7 +308,7 @@ spec: cpu: "10m" memory: "64Mi" volumes: - - name: runner + - name: tmp emptyDir: {} clusterPermissions: - rules: diff --git a/manifests/kiali-ossm/manifests/kiali.clusterserviceversion.yaml b/manifests/kiali-ossm/manifests/kiali.clusterserviceversion.yaml index 880c7cee..7f24dca8 100644 --- a/manifests/kiali-ossm/manifests/kiali.clusterserviceversion.yaml +++ b/manifests/kiali-ossm/manifests/kiali.clusterserviceversion.yaml @@ -264,12 +264,13 @@ spec: allowPrivilegeEscalation: false privileged: false runAsNonRoot: true + readOnlyRootFilesystem: true capabilities: drop: - ALL volumeMounts: - - mountPath: /tmp/ansible-operator/runner - name: runner + - mountPath: /tmp + name: tmp env: - name: WATCH_NAMESPACE valueFrom: @@ -305,6 +306,10 @@ spec: value: "1" - name: ANSIBLE_CONFIG value: "/etc/ansible/ansible.cfg" + - name: ANSIBLE_LOCAL_TEMP + value: "/tmp/ansible/tmp" + - name: ANSIBLE_REMOTE_TEMP + value: "/tmp/ansible/tmp" - name: RELATED_IMAGE_kiali_default value: "${KIALI_1_73}" - name: RELATED_IMAGE_kiali_v1_73 @@ -325,7 +330,7 @@ spec: cpu: "10m" memory: "64Mi" volumes: - - name: runner + - name: tmp emptyDir: {} clusterPermissions: - rules: diff --git a/manifests/kiali-upstream/1.78.0/manifests/kiali.v1.78.0.clusterserviceversion.yaml b/manifests/kiali-upstream/1.78.0/manifests/kiali.v1.78.0.clusterserviceversion.yaml index 3e5f8c13..bf71a922 100644 --- a/manifests/kiali-upstream/1.78.0/manifests/kiali.v1.78.0.clusterserviceversion.yaml +++ b/manifests/kiali-upstream/1.78.0/manifests/kiali.v1.78.0.clusterserviceversion.yaml @@ -205,12 +205,13 @@ spec: allowPrivilegeEscalation: false privileged: false runAsNonRoot: true + readOnlyRootFilesystem: true capabilities: drop: - ALL volumeMounts: - - mountPath: /tmp/ansible-operator/runner - name: runner + - mountPath: /tmp + name: tmp env: - name: WATCH_NAMESPACE valueFrom: @@ -242,6 +243,10 @@ spec: value: "1" - name: ANSIBLE_CONFIG value: "/etc/ansible/ansible.cfg" + - name: ANSIBLE_LOCAL_TEMP + value: "/tmp/ansible/tmp" + - name: ANSIBLE_REMOTE_TEMP + value: "/tmp/ansible/tmp" ports: - name: http-metrics containerPort: 8080 @@ -250,7 +255,7 @@ spec: cpu: "10m" memory: "64Mi" volumes: - - name: runner + - name: tmp emptyDir: {} clusterPermissions: - rules: