feat(deploy): remove hostpid from daemonse
Signed-off-by: daemon1024 <[email protected]>
daemon1024 committed Oct 30, 2024
1 parent 0ebe696 commit e5841ac
Showing 2 changed files with 15 additions and 1 deletion.
2 changes: 1 addition & 1 deletion deployments/get/objects.go
Expand Up @@ -264,6 +264,7 @@ func GenerateDaemonSet(env, namespace string) *appsv1.DaemonSet {
var terminationGracePeriodSeconds = int64(60)
var args = []string{
"-gRPC=" + strconv.Itoa(int(port)),
"-procfsMount=/host/procfs",
}

var containerVolumeMounts = []corev1.VolumeMount{
Expand Down Expand Up @@ -381,7 +382,6 @@ func GenerateDaemonSet(env, namespace string) *appsv1.DaemonSet {
Operator: "Exists",
},
},
HostPID: true,
HostNetwork: true,
RestartPolicy: "Always",
DNSPolicy: "ClusterFirstWithHostNet",
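Review bot: The `-procfsMount=/host/procfs` argument in the `args` slice depends on a volume mounted at exactly that path, and nothing in this file section adds one to `containerVolumeMounts`; the only `proc-fs-mount` entries on this page are in the operator's `defaults.go`. With `HostPID: true` apparently dropped from the pod spec (the commit title and the `-381,7 +382,6` header indicate this, but the rendered page has lost the +/- markers), a DaemonSet generated here without that mount would presumably point the agent at a path that does not exist in the container. Please confirm that GenerateDaemonSet picks up the host `/proc` mount somewhere outside these hunks. Consider a shared constant for the path as well, for example `const ProcfsMountPath = "/host/procfs"`, so the flag and the `MountPath` cannot drift apart. `HostNetwork: true` remains as context, so the pod still shares the host network namespace; GenerateDaemonSet starts and ends outside both hunks.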
14 changes: 14 additions & 0 deletions pkg/KubeArmorOperator/common/defaults.go
Expand Up @@ -237,13 +237,27 @@ var CommonVolumes = []corev1.Volume{
},
},
},
{
Name: "proc-fs-mount",
VolumeSource: corev1.VolumeSource{
HostPath: &corev1.HostPathVolumeSource{
Path: "/proc",
Type: &HostPathDirectory,
},
},
},
}

var CommonVolumesMount = []corev1.VolumeMount{
{
Name: "sys-kernel-debug-path",
MountPath: "/sys/kernel/debug",
},
{
Name: "proc-fs-mount",
MountPath: "/host/procfs",
ReadOnly: true,
},
}

var KubeArmorCaVolume = []corev1.Volume{
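Review bot: The `proc-fs-mount` entries in `CommonVolumes` and `CommonVolumesMount` have no comment saying why host `/proc` is mounted or that the mount path is coupled to the agent's `-procfsMount` flag. I would add above the volume something like `// proc-fs-mount exposes the host /proc read-only in place of hostPID; MountPath must match the -procfsMount argument.` For the threat model, a read-only hostPath of `/proc` still lets the container read per-process data for every process on the node. The change therefore narrows PID-namespace sharing rather than the agent's visibility, and that belongs in the comment or the deployment docs. `ReadOnly: true` and the explicit `HostPathDirectory` type are the right defaults here. Both slices begin above the hunk.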
