Browse Source

Merge pull request #1034 from mt-inside/master

Make mode of ssh identity files RO
Michael Bridgen 2 years ago
parent
commit
da1df26339
No account linked to committer's email address
1 changed files with 2 additions and 0 deletions
  1. 2
    0
      deploy-helm/helm-operator-deployment.yaml

+ 2
- 0
deploy-helm/helm-operator-deployment.yaml View File

@@ -17,6 +17,7 @@ spec:
17 17
       - name: git-key
18 18
         secret:
19 19
           secretName: flux-git-deploy
20
+          defaultMode: 0400 # when mounted read-only, we won't be able to chmod
20 21
       containers:
21 22
       - name: flux-helm-operator
22 23
         # There are no ":latest" images for helm-operator. Find the most recent
@@ -27,6 +28,7 @@ spec:
27 28
         volumeMounts:
28 29
         - name: git-key
29 30
           mountPath: /etc/fluxd/ssh
31
+          readOnly: true # this will be the case perforce in K8s >=1.10
30 32
         args:
31 33
         # replace (at least) the following URL
32 34
         - --git-url=git@github.com:weaveworks/flux-helm-test

Loading…
Cancel
Save