ensure the /etc/os-release is mounted read only
This commit is contained in:
parent
f608e9e4f8
commit
755c20f2f9
2 changed files with 2 additions and 2 deletions
|
@ -25,7 +25,7 @@
|
||||||
-v /var/lib/cni:/var/lib/cni:shared \
|
-v /var/lib/cni:/var/lib/cni:shared \
|
||||||
-v /var/run:/var/run:rw \
|
-v /var/run:/var/run:rw \
|
||||||
-v {{kube_config_dir}}:{{kube_config_dir}}:ro \
|
-v {{kube_config_dir}}:{{kube_config_dir}}:ro \
|
||||||
-v /etc/os-release:/etc/os-release \
|
-v /etc/os-release:/etc/os-release:ro \
|
||||||
{{ hyperkube_image_repo }}:{{ hyperkube_image_tag}} \
|
{{ hyperkube_image_repo }}:{{ hyperkube_image_tag}} \
|
||||||
./hyperkube kubelet \
|
./hyperkube kubelet \
|
||||||
"$@"
|
"$@"
|
||||||
|
|
|
@ -20,7 +20,7 @@ ExecStartPre=-/bin/mkdir -p /var/lib/kubelet
|
||||||
EnvironmentFile={{kube_config_dir}}/kubelet.env
|
EnvironmentFile={{kube_config_dir}}/kubelet.env
|
||||||
# stage1-fly mounts /proc /sys /dev so no need to duplicate the mounts
|
# stage1-fly mounts /proc /sys /dev so no need to duplicate the mounts
|
||||||
ExecStart=/usr/bin/rkt run \
|
ExecStart=/usr/bin/rkt run \
|
||||||
--volume os-release,kind=host,source=/etc/os-release \
|
--volume os-release,kind=host,source=/etc/os-release,readOnly=true \
|
||||||
--volume dns,kind=host,source=/etc/resolv.conf \
|
--volume dns,kind=host,source=/etc/resolv.conf \
|
||||||
--volume etc-kubernetes,kind=host,source={{ kube_config_dir }},readOnly=false \
|
--volume etc-kubernetes,kind=host,source={{ kube_config_dir }},readOnly=false \
|
||||||
--volume etc-ssl-certs,kind=host,source=/etc/ssl/certs,readOnly=true \
|
--volume etc-ssl-certs,kind=host,source=/etc/ssl/certs,readOnly=true \
|
||||||
|
|
Loading…
Reference in a new issue