Commit cc314ba0 authored by Pierre-Louis Bonicoli's avatar Pierre-Louis Bonicoli 🏗
Browse files

Merge branch 'add_audit_write_capability_sys_fs_cgroup_ro' into 'master'

[CI] a PodSecurityPolicy has been added: conform to it

See merge request !8
parents 33ee862e 8c143958
......@@ -20,6 +20,9 @@
- name: '{{ item.name }}'
image: '{{ item.image }}'
imagePullPolicy: '{{ item.image_pull | default("IfNotPresent") }}'
securityContext:
capabilities:
add: ['AUDIT_WRITE']
command: '{{ item.command | default(["/bin/sh", "-c"]) }}'
args: >-
{{ [] if item.command|default(false) else (item.args | default(["while true; do sleep 30; done;"])) }}
......
......@@ -23,6 +23,7 @@ platforms:
name: tmpfs-lock
- mountPath: /sys/fs/cgroup
name: cgroup
readOnly: true
volumes: &volumes
- name: tmpfs-tmp
emptyDir:
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment