Mirrors/rpi.carlosedp.cluster-monitoring
1
0
Fork 0
mirror of https://github.com/carlosedp/cluster-monitoring.git synced 2024-11-20 19:07:17 +01:00
Code Issues Projects Releases Wiki Activity

Fix ES deployment

Browse Source
This commit is contained in:
CarlosEDP 2019-02-27 09:32:17 -03:00
parent f2bbdfec98
commit b1d0a1fe1c
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
elasticsearch_exporter.jsonnet
View File

@ -29,7 +29,7 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
container.mixin.securityContext.capabilities.withDrop(['SETPCAP' , 'MKNOD' , 'AUDIT_WRITE' , 'CHOWN' , 'NET_RAW' , 'DAC_OVERRIDE' , 'FOWNER' , 'FSETID' , 'KILL' , 'SETGID' , 'SETUID' , 'NET_BIND_SERVICE' , 'SYS_CHROOT' , 'SETFCAP']) +
container.mixin.securityContext.withRunAsNonRoot(true) +
container.mixin.securityContext.withRunAsUser(1000) +
container.mixin.securityContext.withReadOnlyRootFilesystem('true') +
container.mixin.securityContext.withReadOnlyRootFilesystem(true) +
container.mixin.resources.withRequests({memory: "64Mi", cpu: "25m"}) +
container.mixin.resources.withLimits({memory: "128Mi", cpu: "100m"}) +
container.mixin.livenessProbe.httpGet.withPath('/health') +

2
manifests/elasticexporter-deployment.yaml
View File

@ -67,7 +67,7 @@ spec:
- NET_BIND_SERVICE
- SYS_CHROOT
- SETFCAP
readOnlyRootFilesystem: "true"
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
restartPolicy: Always