readOnlyRootFilesystem: true for Prometheus exporters charts
Fix for adding readOnlyRootFilesystem flag at pod level Change-Id: I3d81f9dca7e1bce0134a39a96b96ef7712d28d84
This commit is contained in:
parent
e836707ad0
commit
5b513d333f
@ -45,6 +45,8 @@ spec:
|
||||
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
spec:
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: true
|
||||
{{ dict "envAll" $envAll "application" "alertmanager" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
affinity:
|
||||
|
@ -108,6 +108,8 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "kube-state-metrics" "exporter" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: true
|
||||
{{ dict "envAll" $envAll "application" "kube_state_metrics" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
nodeSelector:
|
||||
|
@ -53,6 +53,8 @@ spec:
|
||||
{{ tuple $envAll "node_exporter" "metrics" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
namespace: {{ .Values.endpoints.node_metrics.namespace }}
|
||||
spec:
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: true
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
{{ if .Values.pod.tolerations.node_exporter.enabled }}
|
||||
{{ tuple $envAll "node_exporter" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
|
||||
|
@ -40,6 +40,8 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "prometheus-openstack-exporter" "exporter" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: true
|
||||
{{ dict "envAll" $envAll "application" "openstack_exporter" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
nodeSelector:
|
||||
|
@ -51,6 +51,8 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "process_exporter" "metrics" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: true
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
{{ if .Values.pod.tolerations.process_exporter.enabled }}
|
||||
{{ tuple $envAll "process_exporter" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
|
||||
|
Loading…
Reference in New Issue
Block a user