From b99a67509e639be348be43d4c32e5c37f8518d00 Mon Sep 17 00:00:00 2001
From: Dmitry Volodin
Date: Thu, 5 Dec 2024 23:27:08 +0300
Subject: [PATCH] :sparkles: Able to run controller inside the container platform with write access to root restrictions
---
 config/manager/manager.yaml | 28 +++++++++++++++++++++++-----
 1 file changed, 23 insertions(+), 5 deletions(-)
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
index a471b09..6a7392a 100644
--- a/config/manager/manager.yaml
+++ b/config/manager/manager.yaml
@@ -30,16 +30,28 @@ spec:
 type: RuntimeDefault
 containers:
 - args:
- - --leader-elect
- "--diagnostics-address=${CAAPH_DIAGNOSTICS_ADDRESS:=:8443}"
- "--insecure-diagnostics=${CAAPH_INSECURE_DIAGNOSTICS:=false}"
- "--sync-period=${CAAPH_SYNC_PERIOD:=10m}"
- "--v=2"
+ - --leader-elect
+ - "--diagnostics-address=${CAAPH_DIAGNOSTICS_ADDRESS:=:8443}"
+ - "--insecure-diagnostics=${CAAPH_INSECURE_DIAGNOSTICS:=false}"
+ - "--sync-period=${CAAPH_SYNC_PERIOD:=10m}"
+ - "--v=2"
+ env:
+ - name: XDG_DATA_HOME
+ value: /xdg/.data
+ - name: XDG_CONFIG_HOME
+ value: /xdg/.config
+ - name: XDG_STATE_HOME
+ value: /xdg/.state
+ - name: XDG_CACHE_HOME
+ value: /xdg/.cache
+ - name: XDG_CONFIG_DIRS
+ value: /xdg
 image: controller:latest
 imagePullPolicy: Always
 name: manager
 securityContext:
 allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
 capabilities:
 drop:
 - ALL
@@ -65,6 +77,12 @@ spec:
 port: healthz
 initialDelaySeconds: 10
 periodSeconds: 10
+ volumeMounts:
+ - mountPath: /xdg
+ name: xdg
+ volumes:
+ - emptyDir: {}
+ name: xdg
 # TODO(user): Configure the resources accordingly based on the project requirements.
 # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 # resources:
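Review bot: With `readOnlyRootFilesystem: true` added to the manager's securityContext, the only writable path this patch provides is the `/xdg` emptyDir, so any write outside the XDG directories (temporary files under `/tmp`, for instance) will now fail at runtime. Whether the controller or the libraries it uses write there is not visible in this diff and should be confirmed; if they do, add a second `emptyDir` mounted at `/tmp` rather than relaxing the read-only root. The new `env:` block also carries no comment explaining why the XDG variables are set; a line such as `# Redirect XDG base dirs to the writable xdg volume; the root filesystem is read-only.` above `env:` would keep a later edit from pointing one of them back at the root filesystem. The container spec begins before and continues after this hunk.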
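Review bot: The `xdg` volume in the second hunk is declared as `emptyDir: {}` with no `sizeLimit`, so whatever the controller stores under `/xdg` is bounded only by the node's ephemeral storage. The `resources:` section that follows is still commented out, so no ephemeral-storage limit applies from that side either, and a cache that keeps growing could put the node under disk pressure and affect other pods. Consider `- emptyDir:` with `sizeLimit: <SIZE>` beneath it (placeholder, sized to the expected cache) so that exceeding the cap evicts only this pod.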