CadolesKube/typhoon
7
0
Fork 0
mirror of https://github.com/puppetmaster/typhoon.git synced 2025-07-01 09:44:34 +02:00
Code Issues Packages Projects Releases Wiki Activity

Change Kubelet /var/lib/calico mount to read-only (#643)

Browse Source 
* Kubelet only requires read access to /var/lib/calico

Signed-off-by: Suraj Deshmukh <surajd.service@gmail.com>
This commit is contained in:
Suraj Deshmukh
2020-02-19 11:10:58 +05:30
committed by GitHub
parent 7ca03e5219
commit c4e64a9d1b
16 changed files with 16 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
google-cloud/container-linux/kubernetes/cl/controller.yaml
View File

@ -78,7 +78,7 @@ systemd:
--mount volume=run,target=/run \
--volume usr-share-certs,kind=host,source=/usr/share/ca-certificates,readOnly=true \
--mount volume=usr-share-certs,target=/usr/share/ca-certificates \
--volume var-lib-calico,kind=host,source=/var/lib/calico \
--volume var-lib-calico,kind=host,source=/var/lib/calico,readOnly=true \
--mount volume=var-lib-calico,target=/var/lib/calico \
--volume var-lib-docker,kind=host,source=/var/lib/docker \
--mount volume=var-lib-docker,target=/var/lib/docker \

2
google-cloud/container-linux/kubernetes/workers/cl/worker.yaml
View File

@ -53,7 +53,7 @@ systemd:
--mount volume=run,target=/run \
--volume usr-share-certs,kind=host,source=/usr/share/ca-certificates,readOnly=true \
--mount volume=usr-share-certs,target=/usr/share/ca-certificates \
--volume var-lib-calico,kind=host,source=/var/lib/calico \
--volume var-lib-calico,kind=host,source=/var/lib/calico,readOnly=true \
--mount volume=var-lib-calico,target=/var/lib/calico \
--volume var-lib-docker,kind=host,source=/var/lib/docker \
--mount volume=var-lib-docker,target=/var/lib/docker \