diff --git a/aws/container-linux/kubernetes/cl/controller.yaml b/aws/container-linux/kubernetes/cl/controller.yaml index 670bb39f..3e2a777b 100644 --- a/aws/container-linux/kubernetes/cl/controller.yaml +++ b/aws/container-linux/kubernetes/cl/controller.yaml @@ -79,7 +79,7 @@ systemd: --mount volume=run,target=/run \ --volume usr-share-certs,kind=host,source=/usr/share/ca-certificates,readOnly=true \ --mount volume=usr-share-certs,target=/usr/share/ca-certificates \ - --volume var-lib-calico,kind=host,source=/var/lib/calico \ + --volume var-lib-calico,kind=host,source=/var/lib/calico,readOnly=true \ --mount volume=var-lib-calico,target=/var/lib/calico \ --volume var-lib-docker,kind=host,source=/var/lib/docker \ --mount volume=var-lib-docker,target=/var/lib/docker \ diff --git a/aws/container-linux/kubernetes/workers/cl/worker.yaml b/aws/container-linux/kubernetes/workers/cl/worker.yaml index cd8fc92c..1eac9085 100644 --- a/aws/container-linux/kubernetes/workers/cl/worker.yaml +++ b/aws/container-linux/kubernetes/workers/cl/worker.yaml @@ -54,7 +54,7 @@ systemd: --mount volume=run,target=/run \ --volume usr-share-certs,kind=host,source=/usr/share/ca-certificates,readOnly=true \ --mount volume=usr-share-certs,target=/usr/share/ca-certificates \ - --volume var-lib-calico,kind=host,source=/var/lib/calico \ + --volume var-lib-calico,kind=host,source=/var/lib/calico,readOnly=true \ --mount volume=var-lib-calico,target=/var/lib/calico \ --volume var-lib-docker,kind=host,source=/var/lib/docker \ --mount volume=var-lib-docker,target=/var/lib/docker \ diff --git a/aws/fedora-coreos/kubernetes/fcc/controller.yaml b/aws/fedora-coreos/kubernetes/fcc/controller.yaml index f9aaf6be..a90558c7 100644 --- a/aws/fedora-coreos/kubernetes/fcc/controller.yaml +++ b/aws/fedora-coreos/kubernetes/fcc/controller.yaml @@ -73,7 +73,7 @@ systemd: --volume /sys/fs/cgroup:/sys/fs/cgroup:ro \ --volume /sys/fs/cgroup/systemd:/sys/fs/cgroup/systemd \ --volume /etc/pki/tls/certs:/usr/share/ca-certificates:ro \ - --volume /var/lib/calico:/var/lib/calico \ + --volume /var/lib/calico:/var/lib/calico:ro \ --volume /var/lib/docker:/var/lib/docker \ --volume /var/lib/kubelet:/var/lib/kubelet:rshared,z \ --volume /var/log:/var/log \ diff --git a/aws/fedora-coreos/kubernetes/workers/fcc/worker.yaml b/aws/fedora-coreos/kubernetes/workers/fcc/worker.yaml index 7d1d536d..992cb604 100644 --- a/aws/fedora-coreos/kubernetes/workers/fcc/worker.yaml +++ b/aws/fedora-coreos/kubernetes/workers/fcc/worker.yaml @@ -43,7 +43,7 @@ systemd: --volume /sys/fs/cgroup:/sys/fs/cgroup:ro \ --volume /sys/fs/cgroup/systemd:/sys/fs/cgroup/systemd \ --volume /etc/pki/tls/certs:/usr/share/ca-certificates:ro \ - --volume /var/lib/calico:/var/lib/calico \ + --volume /var/lib/calico:/var/lib/calico:ro \ --volume /var/lib/docker:/var/lib/docker \ --volume /var/lib/kubelet:/var/lib/kubelet:rshared,z \ --volume /var/log:/var/log \ diff --git a/azure/container-linux/kubernetes/cl/controller.yaml b/azure/container-linux/kubernetes/cl/controller.yaml index 4f18d6bb..850c7173 100644 --- a/azure/container-linux/kubernetes/cl/controller.yaml +++ b/azure/container-linux/kubernetes/cl/controller.yaml @@ -78,7 +78,7 @@ systemd: --mount volume=run,target=/run \ --volume usr-share-certs,kind=host,source=/usr/share/ca-certificates,readOnly=true \ --mount volume=usr-share-certs,target=/usr/share/ca-certificates \ - --volume var-lib-calico,kind=host,source=/var/lib/calico \ + --volume var-lib-calico,kind=host,source=/var/lib/calico,readOnly=true \ --mount volume=var-lib-calico,target=/var/lib/calico \ --volume var-lib-docker,kind=host,source=/var/lib/docker \ --mount volume=var-lib-docker,target=/var/lib/docker \ diff --git a/azure/container-linux/kubernetes/workers/cl/worker.yaml b/azure/container-linux/kubernetes/workers/cl/worker.yaml index 994c8f4c..fe7fb84c 100644 --- a/azure/container-linux/kubernetes/workers/cl/worker.yaml +++ b/azure/container-linux/kubernetes/workers/cl/worker.yaml @@ -53,7 +53,7 @@ systemd: --mount volume=run,target=/run \ --volume usr-share-certs,kind=host,source=/usr/share/ca-certificates,readOnly=true \ --mount volume=usr-share-certs,target=/usr/share/ca-certificates \ - --volume var-lib-calico,kind=host,source=/var/lib/calico \ + --volume var-lib-calico,kind=host,source=/var/lib/calico,readOnly=true \ --mount volume=var-lib-calico,target=/var/lib/calico \ --volume var-lib-docker,kind=host,source=/var/lib/docker \ --mount volume=var-lib-docker,target=/var/lib/docker \ diff --git a/bare-metal/container-linux/kubernetes/cl/controller.yaml b/bare-metal/container-linux/kubernetes/cl/controller.yaml index 5fe9d7cc..4f5dd370 100644 --- a/bare-metal/container-linux/kubernetes/cl/controller.yaml +++ b/bare-metal/container-linux/kubernetes/cl/controller.yaml @@ -87,7 +87,7 @@ systemd: --mount volume=run,target=/run \ --volume usr-share-certs,kind=host,source=/usr/share/ca-certificates,readOnly=true \ --mount volume=usr-share-certs,target=/usr/share/ca-certificates \ - --volume var-lib-calico,kind=host,source=/var/lib/calico \ + --volume var-lib-calico,kind=host,source=/var/lib/calico,readOnly=true \ --mount volume=var-lib-calico,target=/var/lib/calico \ --volume var-lib-docker,kind=host,source=/var/lib/docker \ --mount volume=var-lib-docker,target=/var/lib/docker \ diff --git a/bare-metal/container-linux/kubernetes/cl/worker.yaml b/bare-metal/container-linux/kubernetes/cl/worker.yaml index 5a1db8ac..8f6e984f 100644 --- a/bare-metal/container-linux/kubernetes/cl/worker.yaml +++ b/bare-metal/container-linux/kubernetes/cl/worker.yaml @@ -62,7 +62,7 @@ systemd: --mount volume=run,target=/run \ --volume usr-share-certs,kind=host,source=/usr/share/ca-certificates,readOnly=true \ --mount volume=usr-share-certs,target=/usr/share/ca-certificates \ - --volume var-lib-calico,kind=host,source=/var/lib/calico \ + --volume var-lib-calico,kind=host,source=/var/lib/calico,readOnly=true \ --mount volume=var-lib-calico,target=/var/lib/calico \ --volume var-lib-docker,kind=host,source=/var/lib/docker \ --mount volume=var-lib-docker,target=/var/lib/docker \ diff --git a/bare-metal/fedora-coreos/kubernetes/fcc/controller.yaml b/bare-metal/fedora-coreos/kubernetes/fcc/controller.yaml index c8cc0979..6a6f74e2 100644 --- a/bare-metal/fedora-coreos/kubernetes/fcc/controller.yaml +++ b/bare-metal/fedora-coreos/kubernetes/fcc/controller.yaml @@ -72,7 +72,7 @@ systemd: --volume /sys/fs/cgroup:/sys/fs/cgroup:ro \ --volume /sys/fs/cgroup/systemd:/sys/fs/cgroup/systemd \ --volume /etc/pki/tls/certs:/usr/share/ca-certificates:ro \ - --volume /var/lib/calico:/var/lib/calico \ + --volume /var/lib/calico:/var/lib/calico:ro \ --volume /var/lib/docker:/var/lib/docker \ --volume /var/lib/kubelet:/var/lib/kubelet:rshared,z \ --volume /var/log:/var/log \ diff --git a/bare-metal/fedora-coreos/kubernetes/fcc/worker.yaml b/bare-metal/fedora-coreos/kubernetes/fcc/worker.yaml index 49b05d53..c0e09b58 100644 --- a/bare-metal/fedora-coreos/kubernetes/fcc/worker.yaml +++ b/bare-metal/fedora-coreos/kubernetes/fcc/worker.yaml @@ -42,7 +42,7 @@ systemd: --volume /sys/fs/cgroup:/sys/fs/cgroup:ro \ --volume /sys/fs/cgroup/systemd:/sys/fs/cgroup/systemd \ --volume /etc/pki/tls/certs:/usr/share/ca-certificates:ro \ - --volume /var/lib/calico:/var/lib/calico \ + --volume /var/lib/calico:/var/lib/calico:ro \ --volume /var/lib/docker:/var/lib/docker \ --volume /var/lib/kubelet:/var/lib/kubelet:rshared,z \ --volume /var/log:/var/log \ diff --git a/digital-ocean/container-linux/kubernetes/cl/controller.yaml b/digital-ocean/container-linux/kubernetes/cl/controller.yaml index c011427d..f751e682 100644 --- a/digital-ocean/container-linux/kubernetes/cl/controller.yaml +++ b/digital-ocean/container-linux/kubernetes/cl/controller.yaml @@ -89,7 +89,7 @@ systemd: --mount volume=run,target=/run \ --volume usr-share-certs,kind=host,source=/usr/share/ca-certificates,readOnly=true \ --mount volume=usr-share-certs,target=/usr/share/ca-certificates \ - --volume var-lib-calico,kind=host,source=/var/lib/calico \ + --volume var-lib-calico,kind=host,source=/var/lib/calico,readOnly=true \ --mount volume=var-lib-calico,target=/var/lib/calico \ --volume var-lib-docker,kind=host,source=/var/lib/docker \ --mount volume=var-lib-docker,target=/var/lib/docker \ diff --git a/digital-ocean/container-linux/kubernetes/cl/worker.yaml b/digital-ocean/container-linux/kubernetes/cl/worker.yaml index 94714efb..0a23c0cc 100644 --- a/digital-ocean/container-linux/kubernetes/cl/worker.yaml +++ b/digital-ocean/container-linux/kubernetes/cl/worker.yaml @@ -64,7 +64,7 @@ systemd: --mount volume=run,target=/run \ --volume usr-share-certs,kind=host,source=/usr/share/ca-certificates,readOnly=true \ --mount volume=usr-share-certs,target=/usr/share/ca-certificates \ - --volume var-lib-calico,kind=host,source=/var/lib/calico \ + --volume var-lib-calico,kind=host,source=/var/lib/calico,readOnly=true \ --mount volume=var-lib-calico,target=/var/lib/calico \ --volume var-lib-docker,kind=host,source=/var/lib/docker \ --mount volume=var-lib-docker,target=/var/lib/docker \ diff --git a/google-cloud/container-linux/kubernetes/cl/controller.yaml b/google-cloud/container-linux/kubernetes/cl/controller.yaml index d7f0a744..4f286eee 100644 --- a/google-cloud/container-linux/kubernetes/cl/controller.yaml +++ b/google-cloud/container-linux/kubernetes/cl/controller.yaml @@ -78,7 +78,7 @@ systemd: --mount volume=run,target=/run \ --volume usr-share-certs,kind=host,source=/usr/share/ca-certificates,readOnly=true \ --mount volume=usr-share-certs,target=/usr/share/ca-certificates \ - --volume var-lib-calico,kind=host,source=/var/lib/calico \ + --volume var-lib-calico,kind=host,source=/var/lib/calico,readOnly=true \ --mount volume=var-lib-calico,target=/var/lib/calico \ --volume var-lib-docker,kind=host,source=/var/lib/docker \ --mount volume=var-lib-docker,target=/var/lib/docker \ diff --git a/google-cloud/container-linux/kubernetes/workers/cl/worker.yaml b/google-cloud/container-linux/kubernetes/workers/cl/worker.yaml index 766fe98d..26dffd3e 100644 --- a/google-cloud/container-linux/kubernetes/workers/cl/worker.yaml +++ b/google-cloud/container-linux/kubernetes/workers/cl/worker.yaml @@ -53,7 +53,7 @@ systemd: --mount volume=run,target=/run \ --volume usr-share-certs,kind=host,source=/usr/share/ca-certificates,readOnly=true \ --mount volume=usr-share-certs,target=/usr/share/ca-certificates \ - --volume var-lib-calico,kind=host,source=/var/lib/calico \ + --volume var-lib-calico,kind=host,source=/var/lib/calico,readOnly=true \ --mount volume=var-lib-calico,target=/var/lib/calico \ --volume var-lib-docker,kind=host,source=/var/lib/docker \ --mount volume=var-lib-docker,target=/var/lib/docker \ diff --git a/google-cloud/fedora-coreos/kubernetes/fcc/controller.yaml b/google-cloud/fedora-coreos/kubernetes/fcc/controller.yaml index f9aaf6be..a90558c7 100644 --- a/google-cloud/fedora-coreos/kubernetes/fcc/controller.yaml +++ b/google-cloud/fedora-coreos/kubernetes/fcc/controller.yaml @@ -73,7 +73,7 @@ systemd: --volume /sys/fs/cgroup:/sys/fs/cgroup:ro \ --volume /sys/fs/cgroup/systemd:/sys/fs/cgroup/systemd \ --volume /etc/pki/tls/certs:/usr/share/ca-certificates:ro \ - --volume /var/lib/calico:/var/lib/calico \ + --volume /var/lib/calico:/var/lib/calico:ro \ --volume /var/lib/docker:/var/lib/docker \ --volume /var/lib/kubelet:/var/lib/kubelet:rshared,z \ --volume /var/log:/var/log \ diff --git a/google-cloud/fedora-coreos/kubernetes/workers/fcc/worker.yaml b/google-cloud/fedora-coreos/kubernetes/workers/fcc/worker.yaml index 7d1d536d..992cb604 100644 --- a/google-cloud/fedora-coreos/kubernetes/workers/fcc/worker.yaml +++ b/google-cloud/fedora-coreos/kubernetes/workers/fcc/worker.yaml @@ -43,7 +43,7 @@ systemd: --volume /sys/fs/cgroup:/sys/fs/cgroup:ro \ --volume /sys/fs/cgroup/systemd:/sys/fs/cgroup/systemd \ --volume /etc/pki/tls/certs:/usr/share/ca-certificates:ro \ - --volume /var/lib/calico:/var/lib/calico \ + --volume /var/lib/calico:/var/lib/calico:ro \ --volume /var/lib/docker:/var/lib/docker \ --volume /var/lib/kubelet:/var/lib/kubelet:rshared,z \ --volume /var/log:/var/log \