From 3da9bcd152c9151a8f0dddbe44ce372b9194ddf4 Mon Sep 17 00:00:00 2001
From: ArthurSens <arthursens2005@gmail.com>
Date: Mon, 4 Apr 2022 14:30:59 +0000
Subject: [PATCH] jsonnet/components/grafana: Address FIXME
Signed-off-by: ArthurSens <arthursens2005@gmail.com>
---
 .../components/grafana.libsonnet | 18 ------------------
 jsonnetfile.lock.json | 4 ++--
 manifests/grafana-deployment.yaml | 11 ++++++-----
 3 files changed, 8 insertions(+), 25 deletions(-)
diff --git a/jsonnet/kube-prometheus/components/grafana.libsonnet b/jsonnet/kube-prometheus/components/grafana.libsonnet
index f6df20e0..f002e3c7 100644
--- a/jsonnet/kube-prometheus/components/grafana.libsonnet
+++ b/jsonnet/kube-prometheus/components/grafana.libsonnet
@@ -110,30 +110,12 @@ function(params)
 },
 },
- // FIXME(ArthurSens): The securityContext overrides can be removed after some PRs get merged
- // 'allowPrivilegeEscalation: false' can be deleted when https://github.com/brancz/kubernetes-grafana/pull/128 gets merged.
- // 'readOnlyRootFilesystem: true' and extra volumeMounts can be deleted when https://github.com/brancz/kubernetes-grafana/pull/129 gets merged.
 // FIXME(paulfantom): `automountServiceAccountToken` can be removed after porting to brancz/kuberentes-grafana
 deployment+: {
 spec+: {
 template+: {
 spec+: {
 automountServiceAccountToken: false,
- containers: std.map(function(c) c {
- securityContext+: {
- allowPrivilegeEscalation: false,
- readOnlyRootFilesystem: true,
- },
- volumeMounts+: [{
- mountPath: '/tmp',
- name: 'tmp-plugins',
- readOnly: false,
- }],
- }, super.containers),
- volumes+: [{
- name: 'tmp-plugins',
- emptyDir: {},
- }],
 },
 },
 },
diff --git a/jsonnetfile.lock.json b/jsonnetfile.lock.json
index 08d09229..4609e601 100644
--- a/jsonnetfile.lock.json
+++ b/jsonnetfile.lock.json
@@ -8,8 +8,8 @@
 "subdir": "grafana"
 }
 },
- "version": "1c4d84de1c059b55ce83fdd76fbb4f58530b7d55",
- "sum": "iZK7E+zDsk1zF1z4kb/RT2QGkxUaFt8pakwTA4lBPiU="
+ "version": "d039275e4916aceae1c137120882e01d857787ac",
+ "sum": "515vMn4x4tP8vegL4HLW0nDO5+njGTgnDZB5OOhtsCI="
 },
 {
 "source": {
diff --git a/manifests/grafana-deployment.yaml b/manifests/grafana-deployment.yaml
index d0e463af..2c9fda14 100644
--- a/manifests/grafana-deployment.yaml
+++ b/manifests/grafana-deployment.yaml
@@ -62,6 +62,9 @@ spec:
 - mountPath: /etc/grafana/provisioning/dashboards
 name: grafana-dashboards
 readOnly: false
+ - mountPath: /tmp
+ name: tmp-plugins
+ readOnly: false
 - mountPath: /grafana-dashboard-definitions/0/alertmanager-overview
 name: grafana-dashboard-alertmanager-overview
 readOnly: false
@@ -137,9 +140,6 @@ spec:
 - mountPath: /etc/grafana
 name: grafana-config
 readOnly: false
- - mountPath: /tmp
- name: tmp-plugins
- readOnly: false
 nodeSelector:
 kubernetes.io/os: linux
 securityContext:
@@ -156,6 +156,9 @@ spec:
 - configMap:
 name: grafana-dashboards
 name: grafana-dashboards
+ - emptyDir:
+ medium: Memory
+ name: tmp-plugins
 - configMap:
 name: grafana-dashboard-alertmanager-overview
 name: grafana-dashboard-alertmanager-overview
@@ -231,5 +234,3 @@ spec:
 - name: grafana-config
 secret:
 secretName: grafana-config
- - emptyDir: {}
- name: tmp-plugins
--
GitLab
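Review bot: The `tmp-plugins` volume added in the `@@ -156,6 +156,9 @@` hunk is an `emptyDir` with `medium: Memory`, while the entry removed in `@@ -231,5 +234,3 @@` was `emptyDir: {}`, so the storage backing `/tmp` changes even though the commit message only says "Address FIXME". A memory-backed emptyDir is a tmpfs, so whatever Grafana writes under `/tmp` is charged to the container's memory limit, and no `sizeLimit` appears next to `medium: Memory` to bound it. If the switch is intended, a bound such as `sizeLimit: <SIZE>` (placeholder value) would cap it; if not, the previous `emptyDir: {}` should be kept. This manifest looks generated from the jsonnet, so either change would belong in `grafana.libsonnet` or in the pinned kubernetes-grafana library rather than in this file. The volumes list starts and ends outside the hunk, and no container `securityContext` lines appear in any hunk, which suggests the hardening from the removed override is still rendered but cannot be confirmed from the diff alone.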