github/intel-device-plugins-for-kubernetes
7
0
Fork 0
mirror of https://github.com/intel/intel-device-plugins-for-kubernetes.git synced 2025-06-03 03:59:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #215 from mythi/rofs

Browse Source 
deployments: set readOnlyRootFilesystem
This commit is contained in:
Ed Bartosh 2019-09-03 14:52:42 +03:00 committed by GitHub
commit 31fd36c047
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
deployments/fpga_admissionwebhook/deployment-tpl.yaml
View File

@ -15,6 +15,8 @@ spec:
- name: fpga-mutator - name: fpga-mutator
image: intel/intel-fpga-admissionwebhook:devel image: intel/intel-fpga-admissionwebhook:devel
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
securityContext:
readOnlyRootFilesystem: true
args: args:
- -tls-cert-file=/etc/webhook/certs/cert.pem - -tls-cert-file=/etc/webhook/certs/cert.pem
- -tls-private-key-file=/etc/webhook/certs/key.pem - -tls-private-key-file=/etc/webhook/certs/key.pem

4
deployments/fpga_plugin/fpga_plugin.yaml
View File

@ -19,6 +19,8 @@ spec:
- name: intel-fpga-initcontainer - name: intel-fpga-initcontainer
image: intel/intel-fpga-initcontainer:devel image: intel/intel-fpga-initcontainer:devel
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
securityContext:
readOnlyRootFilesystem: true
volumeMounts: volumeMounts:
- mountPath: /opt/intel/fpga-sw - mountPath: /opt/intel/fpga-sw
name: intel-fpga-sw name: intel-fpga-sw
@ -33,6 +35,8 @@ spec:
fieldPath: spec.nodeName fieldPath: spec.nodeName
image: intel/intel-fpga-plugin:devel image: intel/intel-fpga-plugin:devel
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
securityContext:
readOnlyRootFilesystem: true
volumeMounts: volumeMounts:
- name: devfs - name: devfs
mountPath: /dev mountPath: /dev

2
deployments/gpu_plugin/gpu_plugin.yaml
View File

@ -23,6 +23,8 @@ spec:
fieldPath: spec.nodeName fieldPath: spec.nodeName
image: intel/intel-gpu-plugin:devel image: intel/intel-gpu-plugin:devel
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
securityContext:
readOnlyRootFilesystem: true
volumeMounts: volumeMounts:
- name: devfs - name: devfs
mountPath: /dev mountPath: /dev

2
deployments/qat_dpdk_app/base/crypto-perf-dpdk-pod-requesting-qat.yaml
View File

@ -9,6 +9,8 @@ spec:
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
command: [ "/bin/bash", "-c", "--" ] command: [ "/bin/bash", "-c", "--" ]
args: [ "while true; do sleep 300000; done;" ] args: [ "while true; do sleep 300000; done;" ]
securityContext:
readOnlyRootFilesystem: true
volumeMounts: volumeMounts:
- mountPath: /dev/hugepages - mountPath: /dev/hugepages
name: hugepage name: hugepage

2
deployments/qat_plugin/qat_plugin.yaml
View File

@ -16,6 +16,8 @@ spec:
containers: containers:
- name: intel-qat-plugin - name: intel-qat-plugin
image: intel/intel-qat-plugin:devel image: intel/intel-qat-plugin:devel
securityContext:
readOnlyRootFilesystem: true
env: env:
- name: DPDK_DRIVER - name: DPDK_DRIVER
valueFrom: valueFrom:

1
deployments/qat_plugin/qat_plugin_kernel_mode.yaml
View File

@ -16,6 +16,7 @@ spec:
containers: containers:
- name: intel-qat-kernel-plugin - name: intel-qat-kernel-plugin
securityContext: securityContext:
readOnlyRootFilesystem: true
privileged: true privileged: true
image: intel/intel-qat-plugin:devel image: intel/intel-qat-plugin:devel
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent