From 15169a430c5f9f924f06cfc9da4e23a42817b4c6 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Sat, 21 Oct 2023 03:30:33 +0200
Subject: [PATCH] feat(sbom-operator): Add container to cleanup /tmp

---
 apps/k8s01/sbom-operator/release.yaml | 30 ++++++++++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)

diff --git a/apps/k8s01/sbom-operator/release.yaml b/apps/k8s01/sbom-operator/release.yaml
index df8310c42..1aa9d5585 100644
--- a/apps/k8s01/sbom-operator/release.yaml
+++ b/apps/k8s01/sbom-operator/release.yaml
@@ -40,6 +40,34 @@ spec:
                 spec:
                   securityContext:
                     fsGroup: 1001
+                  containers:
+                    - name: cleanup
+                      image: quay.io/fedora/fedora:38
+                      command:
+                        - bash
+                        - -c
+                        - while true; do find /tmp -type f -mmin +15 -exec rm -f {} + ; sleep 300; done
+                      resources:
+                        requests:
+                          cpu: 10m
+                          memory: 64Mi
+                        limits:
+                          cpu: 100m
+                          memory: 128Mi
+                      securityContext:
+                          allowPrivilegeEscalation: false
+                          capabilities:
+                            drop:
+                            - ALL
+                          privileged: false
+                          readOnlyRootFilesystem: true
+                          runAsNonRoot: true
+                          runAsUser: 1001
+                          seccompProfile:
+                            type: RuntimeDefault
+                      volumeMounts:
+                        - name: tmp
+                          mountPath: /tmp
                   volumes:
                     - name: tmp
                       emptyDir: null
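Review bot: The new cleanup container references its image by a mutable tag (`image: quay.io/fedora/fedora:38`), so what runs beside the operator can change with every upstream rebuild without any change in this repository; pin it by digest, e.g. `image: quay.io/fedora/fedora:38@sha256:<digest-placeholder>`, and let the update tooling bump it. A full distribution image is also more than a `find`/`sleep` loop needs, and a smaller base that still provides bash and find would reduce what has to be kept patched. The `-mmin +15` cutoff presumably assumes that no scan leaves a file in /tmp untouched for longer than 15 minutes while still needing it; a comment above the command stating that assumption would help. On style, the children of the new `securityContext:` are indented four spaces and `- ALL` sits flush under `drop:`, unlike the two-space, indented-list layout used in the rest of the hunk. The pod spec this block belongs to starts and ends outside the hunk.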
@@ -66,4 +94,4 @@ data:
       limits:
         cpu: "1"
         memory: "2Gi"
-    podSecurityPolicy:
+    podSecurityPolicy:
\ No newline at end of file
-- 
GitLab