easylinux/kube-prometheus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #1706 from ArthurSens/as/dead-code

Browse Source 
jsonnet/components/grafana: Address FIXME to prevent incoming bug
This commit is contained in:
Arthur Silva Sens
2022-04-05 11:23:01 +01:00
committed by GitHub
parent 8d2412cf94 3da9bcd152
commit 28f71a0e1b
3 changed files with 8 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
jsonnet/kube-prometheus/components/grafana.libsonnet
View File

@@ -110,30 +110,12 @@ function(params)
}, },
}, },
// FIXME(ArthurSens): The securityContext overrides can be removed after some PRs get merged
// 'allowPrivilegeEscalation: false' can be deleted when https://github.com/brancz/kubernetes-grafana/pull/128 gets merged.
// 'readOnlyRootFilesystem: true' and extra volumeMounts can be deleted when https://github.com/brancz/kubernetes-grafana/pull/129 gets merged.
// FIXME(paulfantom): `automountServiceAccountToken` can be removed after porting to brancz/kuberentes-grafana // FIXME(paulfantom): `automountServiceAccountToken` can be removed after porting to brancz/kuberentes-grafana
deployment+: { deployment+: {
spec+: { spec+: {
template+: { template+: {
spec+: { spec+: {
automountServiceAccountToken: false, automountServiceAccountToken: false,
containers: std.map(function(c) c {
securityContext+: {
allowPrivilegeEscalation: false,
readOnlyRootFilesystem: true,
},
volumeMounts+: [{
mountPath: '/tmp',
name: 'tmp-plugins',
readOnly: false,
}],
}, super.containers),
volumes+: [{
name: 'tmp-plugins',
emptyDir: {},
}],
}, },
}, },
}, },

4
jsonnetfile.lock.json
View File

@@ -8,8 +8,8 @@
"subdir": "grafana" "subdir": "grafana"
} }
}, },
"version": "1c4d84de1c059b55ce83fdd76fbb4f58530b7d55", "version": "d039275e4916aceae1c137120882e01d857787ac",
"sum": "iZK7E+zDsk1zF1z4kb/RT2QGkxUaFt8pakwTA4lBPiU=" "sum": "515vMn4x4tP8vegL4HLW0nDO5+njGTgnDZB5OOhtsCI="
}, },
{ {
"source": { "source": {

11
manifests/grafana-deployment.yaml
View File

@@ -62,6 +62,9 @@ spec:
- mountPath: /etc/grafana/provisioning/dashboards - mountPath: /etc/grafana/provisioning/dashboards
name: grafana-dashboards name: grafana-dashboards
readOnly: false readOnly: false
- mountPath: /tmp
name: tmp-plugins
readOnly: false
- mountPath: /grafana-dashboard-definitions/0/alertmanager-overview - mountPath: /grafana-dashboard-definitions/0/alertmanager-overview
name: grafana-dashboard-alertmanager-overview name: grafana-dashboard-alertmanager-overview
readOnly: false readOnly: false
@@ -137,9 +140,6 @@ spec:
- mountPath: /etc/grafana - mountPath: /etc/grafana
name: grafana-config name: grafana-config
readOnly: false readOnly: false
- mountPath: /tmp
name: tmp-plugins
readOnly: false
nodeSelector: nodeSelector:
kubernetes.io/os: linux kubernetes.io/os: linux
securityContext: securityContext:
@@ -156,6 +156,9 @@ spec:
- configMap: - configMap:
name: grafana-dashboards name: grafana-dashboards
name: grafana-dashboards name: grafana-dashboards
- emptyDir:
medium: Memory
name: tmp-plugins
- configMap: - configMap:
name: grafana-dashboard-alertmanager-overview name: grafana-dashboard-alertmanager-overview
name: grafana-dashboard-alertmanager-overview name: grafana-dashboard-alertmanager-overview
@@ -231,5 +234,3 @@ spec:
- name: grafana-config - name: grafana-config
secret: secret:
secretName: grafana-config secretName: grafana-config
- emptyDir: {}
name: tmp-plugins