openstack/openstack-helm-infra
Code Issues Proposed changes

Kibana: set read-only-fs

Browse Source 
This PS permits read-only filesystems to back the containers by setting
the default to true

Additionally /run is uniformly applied across all long running pods
as a memory backed emptydir

Change-Id: Ia7344e2c8caa1f25101bf30445cdfe277f89c143
This commit is contained in:
RAHUL KHIYANI 2019-05-07 13:40:24 -05:00 committed by Rahul Khiyani
parent 28fb847ab1
commit 366357d893
3 changed files with 13 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
kibana/templates/deployment.yaml
View File

@ -117,12 +117,14 @@ spec:
volumeMounts:
- name: pod-tmp
mountPath: /tmp
- name: pod-run
mountPath: /run
- name: kibana-bin
mountPath: /tmp/kibana.sh
subPath: kibana.sh
readOnly: true
- name: pod-etc-kibana
mountPath: /usr/share/kibana/config
mountPath: /usr/share/kibana/optimize
- name: kibana-etc
mountPath: /usr/share/kibana/config/kibana.yml
subPath: kibana.yml
@ -130,6 +132,9 @@ spec:
volumes:
- name: pod-tmp
emptyDir: {}
- name: pod-run
emptyDir:
medium: "Memory"
- name: pod-etc-kibana
emptyDir: {}
- name: kibana-bin

5
kibana/templates/job-register-kibana-indexes.yaml
View File

@ -60,6 +60,8 @@ spec:
volumeMounts:
- name: pod-tmp
mountPath: /tmp
- name: pod-run
mountPath: /run
- name: kibana-bin
mountPath: /tmp/create_kibana_index_patterns.sh
subPath: create_kibana_index_patterns.sh
@ -67,6 +69,9 @@ spec:
volumes:
- name: pod-tmp
emptyDir: {}
- name: pod-run
emptyDir:
medium: "Memory"
- name: kibana-bin
configMap:
name: kibana-bin

4
kibana/values.yaml
View File

@ -45,14 +45,14 @@ pod:
readOnlyRootFilesystem: false
kibana:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: false
readOnlyRootFilesystem: true
register_kibana_indexes:
pod:
runAsUser: 999
container:
register_kibana_indexes:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: false
readOnlyRootFilesystem: true
affinity:
anti:
type: