
Commit bc09d7c

committed
Fix errors
1 parent 660e0bb commit bc09d7c

1 file changed

+7
-2
lines changed

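--- a/pkg/controller/registry/reconciler/reconciler.go
+++ b/pkg/controller/registry/reconciler/reconciler.go
@@ -293,6 +293,9 @@ func Pod(source *operatorsv1alpha1.CatalogSource, name, opmImg, utilImage, img s
 Args: []string{"/bin/copy-content", fmt.Sprintf("%s/copy-content", utilitiesPath)},
 VolumeMounts: []corev1.VolumeMount{utilitiesVolumeMount},
 TerminationMessagePolicy: corev1.TerminationMessageFallbackToLogsOnError,
+SecurityContext: &corev1.SecurityContext{
+ReadOnlyRootFilesystem: ptr.To(true),
+},
 }, corev1.Container{
 Name: "extract-content",
 Image: img,
@@ -301,8 +304,12 @@ func Pod(source *operatorsv1alpha1.CatalogSource, name, opmImg, utilImage, img s
 Args: extractArgs,
 VolumeMounts: []corev1.VolumeMount{utilitiesVolumeMount, contentVolumeMount},
 TerminationMessagePolicy: corev1.TerminationMessageFallbackToLogsOnError,
+SecurityContext: &corev1.SecurityContext{
+ReadOnlyRootFilesystem: ptr.To(true),
+},
 })
 
+pod.Spec.Containers[0].SecurityContext.ReadOnlyRootFilesystem = ptr.To(true)
 pod.Spec.Containers[0].Image = opmImg
 pod.Spec.Containers[0].Command = []string{"/bin/opm"}
 pod.Spec.Containers[0].ImagePullPolicy = image.InferImagePullPolicy(opmImg)
@@ -371,7 +378,6 @@ func addSecurityContext(pod *corev1.Pod, runAsUser int64) {
 pod.Spec.InitContainers[i].SecurityContext = &corev1.SecurityContext{}
 }
 pod.Spec.InitContainers[i].SecurityContext.AllowPrivilegeEscalation = ptr.To(false)
-pod.Spec.InitContainers[i].SecurityContext.ReadOnlyRootFilesystem = pod.Spec.SecurityContext.RunAsNonRoot
 pod.Spec.InitContainers[i].SecurityContext.Capabilities = &corev1.Capabilities{
 Drop: []corev1.Capability{"ALL"},
 }
@@ -381,7 +387,6 @@ func addSecurityContext(pod *corev1.Pod, runAsUser int64) {
 pod.Spec.Containers[i].SecurityContext = &corev1.SecurityContext{}
 }
 pod.Spec.Containers[i].SecurityContext.AllowPrivilegeEscalation = ptr.To(false)
-pod.Spec.Containers[i].SecurityContext.ReadOnlyRootFilesystem = pod.Spec.SecurityContext.RunAsNonRoot
 pod.Spec.Containers[i].SecurityContext.Capabilities = &corev1.Capabilities{
 Drop: []corev1.Capability{"ALL"},
 }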
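Review bot: The added assignment `pod.Spec.Containers[0].SecurityContext.ReadOnlyRootFilesystem = ptr.To(true)` (new line 312) dereferences `SecurityContext` without a nil check, and nothing in the visible hunks shows that the first container is built with one. addSecurityContext guards the same field with `= &corev1.SecurityContext{}` before writing to it, which suggests it can be nil. If the container literal outside this hunk does not guarantee it, guard first: `if pod.Spec.Containers[0].SecurityContext == nil { pod.Spec.Containers[0].SecurityContext = &corev1.SecurityContext{} }`. Separately, with the two `ReadOnlyRootFilesystem` lines removed from addSecurityContext, the read-only root filesystem is applied only where Pod sets it explicitly, so pods that do not take this code path appear to lose that hardening. A comment at the removal site should say where the setting now lives and which containers need a writable root; both functions extend beyond the hunks shown, so confirm against the full file.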
