mirror of
https://github.com/carlosedp/cluster-monitoring.git
synced 2024-11-20 19:07:17 +01:00
Fix ES deployment
This commit is contained in:
parent
f2bbdfec98
commit
b1d0a1fe1c
@ -29,7 +29,7 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
|
||||
container.mixin.securityContext.capabilities.withDrop(['SETPCAP' , 'MKNOD' , 'AUDIT_WRITE' , 'CHOWN' , 'NET_RAW' , 'DAC_OVERRIDE' , 'FOWNER' , 'FSETID' , 'KILL' , 'SETGID' , 'SETUID' , 'NET_BIND_SERVICE' , 'SYS_CHROOT' , 'SETFCAP']) +
|
||||
container.mixin.securityContext.withRunAsNonRoot(true) +
|
||||
container.mixin.securityContext.withRunAsUser(1000) +
|
||||
container.mixin.securityContext.withReadOnlyRootFilesystem('true') +
|
||||
container.mixin.securityContext.withReadOnlyRootFilesystem(true) +
|
||||
container.mixin.resources.withRequests({memory: "64Mi", cpu: "25m"}) +
|
||||
container.mixin.resources.withLimits({memory: "128Mi", cpu: "100m"}) +
|
||||
container.mixin.livenessProbe.httpGet.withPath('/health') +
|
||||
|
@ -67,7 +67,7 @@ spec:
|
||||
- NET_BIND_SERVICE
|
||||
- SYS_CHROOT
|
||||
- SETFCAP
|
||||
readOnlyRootFilesystem: "true"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
restartPolicy: Always
|
||||
|
Loading…
Reference in New Issue
Block a user