mirrors/node-feature-discovery
mirrors/node-feature-discovery
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/node-feature-discovery.git synced 2025-03-13 20:30:03 +00:00
Code Activity

Make all mounts in deployment templates read-only

Browse source 
NFD-Worker does not need write access.
This commit is contained in:
Markus Lehtonen 2020-11-20 11:32:33 +02:00
parent e850dfce5e
commit 9d5dc4da1a
3 changed files with 9 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
nfd-daemonset-combined.yaml.template
View file

@ -98,10 +98,13 @@ spec:
readOnly: true
- name: host-sys
mountPath: "/host-sys"
readOnly: true
- name: source-d
mountPath: "/etc/kubernetes/node-feature-discovery/source.d/"
readOnly: true
- name: features-d
mountPath: "/etc/kubernetes/node-feature-discovery/features.d/"
readOnly: true
volumes:
- name: host-boot
hostPath:

3
nfd-worker-daemonset.yaml.template
View file

@ -50,10 +50,13 @@ spec:
readOnly: true
- name: host-sys
mountPath: "/host-sys"
readOnly: true
- name: source-d
mountPath: "/etc/kubernetes/node-feature-discovery/source.d/"
readOnly: true
- name: features-d
mountPath: "/etc/kubernetes/node-feature-discovery/features.d/"
readOnly: true
## Enable TLS authentication (2/3)
# - name: nfd-ca-cert
# mountPath: "/etc/kubernetes/node-feature-discovery/trust"

3
nfd-worker-job.yaml.template
View file

@ -52,10 +52,13 @@ spec:
readOnly: true
- name: host-sys
mountPath: "/host-sys"
readOnly: true
- name: source-d
mountPath: "/etc/kubernetes/node-feature-discovery/source.d/"
readOnly: true
- name: features-d
mountPath: "/etc/kubernetes/node-feature-discovery/features.d/"
readOnly: true
restartPolicy: Never
volumes:
- name: host-boot