jsonnet/components/grafana: Address FIXME

Signed-off-by: ArthurSens <arthursens2005@gmail.com>
2022-04-04 14:30:59 +00:00
parent 8d2412cf94
commit 3da9bcd152
3 changed files with 8 additions and 25 deletions
--- a/jsonnet/kube-prometheus/components/grafana.libsonnet
+++ b/jsonnet/kube-prometheus/components/grafana.libsonnet
@@ -110,30 +110,12 @@ function(params)
      },
    },

-    // FIXME(ArthurSens): The securityContext overrides can be removed after some PRs get merged
-    // 'allowPrivilegeEscalation: false' can be deleted when https://github.com/brancz/kubernetes-grafana/pull/128 gets merged.
-    // 'readOnlyRootFilesystem: true' and extra volumeMounts can be deleted when https://github.com/brancz/kubernetes-grafana/pull/129 gets merged.
    // FIXME(paulfantom): `automountServiceAccountToken` can be removed after porting to brancz/kuberentes-grafana
    deployment+: {
      spec+: {
        template+: {
          spec+: {
            automountServiceAccountToken: false,
-            containers: std.map(function(c) c {
-              securityContext+: {
-                allowPrivilegeEscalation: false,
-                readOnlyRootFilesystem: true,
-              },
-              volumeMounts+: [{
-                mountPath: '/tmp',
-                name: 'tmp-plugins',
-                readOnly: false,
-              }],
-            }, super.containers),
-            volumes+: [{
-              name: 'tmp-plugins',
-              emptyDir: {},
-            }],
          },
        },
      },
--- a/jsonnetfile.lock.json
+++ b/jsonnetfile.lock.json
@@ -8,8 +8,8 @@
          "subdir": "grafana"
        }
      },
-      "version": "1c4d84de1c059b55ce83fdd76fbb4f58530b7d55",
-      "sum": "iZK7E+zDsk1zF1z4kb/RT2QGkxUaFt8pakwTA4lBPiU="
+      "version": "d039275e4916aceae1c137120882e01d857787ac",
+      "sum": "515vMn4x4tP8vegL4HLW0nDO5+njGTgnDZB5OOhtsCI="
    },
    {
      "source": {
--- a/manifests/grafana-deployment.yaml
+++ b/manifests/grafana-deployment.yaml
@@ -62,6 +62,9 @@ spec:
        - mountPath: /etc/grafana/provisioning/dashboards
          name: grafana-dashboards
          readOnly: false
+        - mountPath: /tmp
+          name: tmp-plugins
+          readOnly: false
        - mountPath: /grafana-dashboard-definitions/0/alertmanager-overview
          name: grafana-dashboard-alertmanager-overview
          readOnly: false
@@ -137,9 +140,6 @@ spec:
        - mountPath: /etc/grafana
          name: grafana-config
          readOnly: false
-        - mountPath: /tmp
-          name: tmp-plugins
-          readOnly: false
      nodeSelector:
        kubernetes.io/os: linux
      securityContext:
@@ -156,6 +156,9 @@ spec:
      - configMap:
          name: grafana-dashboards
        name: grafana-dashboards
+      - emptyDir:
+          medium: Memory
+        name: tmp-plugins
      - configMap:
          name: grafana-dashboard-alertmanager-overview
        name: grafana-dashboard-alertmanager-overview
@@ -231,5 +234,3 @@ spec:
      - name: grafana-config
        secret:
          secretName: grafana-config
-      - emptyDir: {}
-        name: tmp-plugins