From 15169a430c5f9f924f06cfc9da4e23a42817b4c6 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Sat, 21 Oct 2023 03:30:33 +0200
Subject: [PATCH] feat(sbom-operator): Add container to cleanup /tmp
---
 apps/k8s01/sbom-operator/release.yaml | 30 ++++++++++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)
diff --git a/apps/k8s01/sbom-operator/release.yaml b/apps/k8s01/sbom-operator/release.yaml
index df8310c42..1aa9d5585 100644
--- a/apps/k8s01/sbom-operator/release.yaml
+++ b/apps/k8s01/sbom-operator/release.yaml
@@ -40,6 +40,34 @@ spec:
 spec:
 securityContext:
 fsGroup: 1001
+ containers:
+ - name: cleanup
+ image: quay.io/fedora/fedora:38
+ command:
+ - bash
+ - -c
+ - while true; do find /tmp -type f -mmin +15 -exec rm -f {} + ; sleep 300; done
+ resources:
+ requests:
+ cpu: 10m
+ memory: 64Mi
+ limits:
+ cpu: 100m
+ memory: 128Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 1001
+ seccompProfile:
+ type: RuntimeDefault
+ volumeMounts:
+ - name: tmp
+ mountPath: /tmp
 volumes:
 - name: tmp
 emptyDir: null
@@ -66,4 +94,4 @@ data:
 limits:
 cpu: "1"
 memory: "2Gi"
- podSecurityPolicy:
+ podSecurityPolicy:
\ No newline at end of file
-- GitLab
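Review bot: The new `cleanup` container pulls `quay.io/fedora/fedora:38` by a mutable tag, so the image that runs beside the operator can change without any commit in this repository; pinning it by digest, `image: quay.io/fedora/fedora:38@sha256:<digest of the reviewed image>`, keeps the pull reproducible and makes every update a visible change. A full distribution image is also more than `find`, `rm` and `sleep` need, so a minimal base would shrink what has to be patched. Separately, `find /tmp -type f -mmin +15` deletes any file last modified more than 15 minutes ago, which may include one the operator is still reading if a scan runs that long, and it never removes emptied directories; a comment above the command stating why 15 minutes is safe would help. The pod spec starts and ends outside the hunk, so which other containers mount `tmp` is not visible here.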