Skip to content

Commit c351ea5

Browse files
author
Michael Chmielewski
committed
Tighten up requird volume mounts, and access to existing mounts
1 parent 7879bf3 commit c351ea5

File tree

1 file changed

+2
-10
lines changed

1 file changed

+2
-10
lines changed

TSKubernetesDaemonSet.yaml

Lines changed: 2 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -94,6 +94,7 @@ spec:
9494
volumeMounts:
9595
- name: hostfs
9696
mountPath: /threatstackfs
97+
readOnly: true
9798
volumes:
9899
- hostPath:
99100
path: /
@@ -149,22 +150,13 @@ spec:
149150
volumeMounts:
150151
- name: hostfs
151152
mountPath: /threatstackfs
153+
readOnly: true
152154
- name: kernel-debug
153155
mountPath: /sys/kernel/debug
154-
- name: cgroup
155-
mountPath: /sys/fs/cgroup
156-
- name: bpf
157-
mountPath: /sys/fs/bpf
158156
volumes:
159157
- hostPath:
160158
path: /
161159
name: hostfs
162160
- hostPath:
163161
path: /sys/kernel/debug
164162
name: kernel-debug
165-
- hostPath:
166-
path: /sys/fs/cgroup
167-
name: cgroup
168-
- hostPath:
169-
path: /sys/fs/bpf
170-
name: bpf

0 commit comments

Comments
 (0)