Skip to content

Commit

Permalink
fix: cadvisor: make /var/run read-only again and remove workaround to…
Browse files Browse the repository at this point in the history 
… not mount sa token
  • Loading branch information
@sjentzsch
sjentzsch committed Sep 14, 2023
1 parent 5369235 commit 1f9242f
Showing 1 changed file with 1 addition and 6 deletions.
7 changes: 1 addition & 6 deletions deploy/charts/checkmk/templates/node-collector-container-metrics-ds.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -70,12 +70,9 @@ spec:
name: http
protocol: TCP
volumeMounts:
- name: no-api-access
mountPath: /var/run/secrets/kubernetes.io/serviceaccount
readOnly: true
- name: var-run
mountPath: /var/run
# readOnly: true # needs to be disabled, otherwise we cannot deny api-access
readOnly: true
- name: sys
mountPath: /sys
readOnly: true
Expand Down Expand Up @@ -117,8 +114,6 @@ spec:
{{- toYaml .Values.nodeCollector.containerMetricsCollector.resources | nindent 12 }}
terminationGracePeriodSeconds: 30
volumes:
- name: no-api-access
emptyDir: {}
- name: var-run
hostPath:
path: /var/run
Expand Down

0 comments on commit 1f9242f

Please sign in to comment.