readOnlyRootFilesystem: true for Prometheus exporters charts

Fix for adding readOnlyRootFilesystem flag at pod
level

Change-Id: I3d81f9dca7e1bce0134a39a96b96ef7712d28d84
This commit is contained in:
Rahul Khiyani 2019-02-26 08:39:44 -05:00
parent e836707ad0
commit 5b513d333f
5 changed files with 10 additions and 0 deletions

View File

@ -45,6 +45,8 @@ spec:
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
securityContext:
readOnlyRootFilesystem: true
{{ dict "envAll" $envAll "application" "alertmanager" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
serviceAccountName: {{ $serviceAccountName }}
affinity:

View File

@ -108,6 +108,8 @@ spec:
labels:
{{ tuple $envAll "kube-state-metrics" "exporter" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
securityContext:
readOnlyRootFilesystem: true
{{ dict "envAll" $envAll "application" "kube_state_metrics" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
serviceAccountName: {{ $serviceAccountName }}
nodeSelector:

View File

@ -53,6 +53,8 @@ spec:
{{ tuple $envAll "node_exporter" "metrics" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
namespace: {{ .Values.endpoints.node_metrics.namespace }}
spec:
securityContext:
readOnlyRootFilesystem: true
serviceAccountName: {{ $serviceAccountName }}
{{ if .Values.pod.tolerations.node_exporter.enabled }}
{{ tuple $envAll "node_exporter" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}

View File

@ -40,6 +40,8 @@ spec:
labels:
{{ tuple $envAll "prometheus-openstack-exporter" "exporter" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
securityContext:
readOnlyRootFilesystem: true
{{ dict "envAll" $envAll "application" "openstack_exporter" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
serviceAccountName: {{ $serviceAccountName }}
nodeSelector:

View File

@ -51,6 +51,8 @@ spec:
labels:
{{ tuple $envAll "process_exporter" "metrics" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
securityContext:
readOnlyRootFilesystem: true
serviceAccountName: {{ $serviceAccountName }}
{{ if .Values.pod.tolerations.process_exporter.enabled }}
{{ tuple $envAll "process_exporter" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}