specify ReadOnlyRootFilesystem: false for pod security policies (#560)
Explicitly specify ReadOnlyRootFilesystem: false so kubernetes can pick a less restrictive policy the operator has access to.
This commit is contained in:
Erik Inge Bolsø
Felix Kunde
parent
44acd7e4db
commit
c65a9baedf
|
|
@ -359,6 +359,8 @@ func generateContainer(
|
||||||
volumeMounts []v1.VolumeMount,
|
volumeMounts []v1.VolumeMount,
|
||||||
privilegedMode bool,
|
privilegedMode bool,
|
||||||
) *v1.Container {
|
) *v1.Container {
|
||||||
|
falseBool := false
|
||||||
|
|
||||||
return &v1.Container{
|
return &v1.Container{
|
||||||
Name: name,
|
Name: name,
|
||||||
Image: *dockerImage,
|
Image: *dockerImage,
|
||||||
|
|
@ -382,6 +384,7 @@ func generateContainer(
|
||||||
Env: envVars,
|
Env: envVars,
|
||||||
SecurityContext: &v1.SecurityContext{
|
SecurityContext: &v1.SecurityContext{
|
||||||
Privileged: &privilegedMode,
|
Privileged: &privilegedMode,
|
||||||
|
ReadOnlyRootFilesystem: &falseBool,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue