Skip to content
This repository has been archived by the owner on Jun 20, 2024. It is now read-only.

Update daemonset manifest to mount /etc/machine-id #3886

Merged
merged 1 commit into from
Jan 22, 2021
Merged

Update daemonset manifest to mount /etc/machine-id #3886

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Update daemonset manifest to mount /etc/machine-id 
Mounted as ReadOnly in order to minimize attack surface as in #3880
  • Loading branch information
Alex Vest committed Jan 21, 2021
commit 9a2682671cf94639dd0db446a7c374a288986c1c
6 changes: 6 additions & 0 deletions prog/weave-kube/weave-daemonset-k8s-1.11.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -169,6 +169,9 @@ items:
- name: dbus
mountPath: /host/var/lib/dbus
readOnly: true
- mountPath: /host/etc/machine-id
name: cni-machine-id
readOnly: true
- name: xtables-lock
mountPath: /run/xtables.lock
readOnly: false
Expand Down Expand Up @@ -216,6 +219,9 @@ items:
- name: cni-conf
hostPath:
path: /etc
- name: cni-machine-id
hostPath:
path: /etc/machine-id
- name: dbus
hostPath:
path: /var/lib/dbus
Expand Down
6 changes: 6 additions & 0 deletions prog/weave-kube/weave-daemonset-k8s-1.8.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -166,6 +166,9 @@ items:
- name: dbus
mountPath: /host/var/lib/dbus
readOnly: true
- mountPath: /host/etc/machine-id
name: cni-machine-id
readOnly: true
- name: xtables-lock
mountPath: /run/xtables.lock
readOnly: false
Expand Down Expand Up @@ -212,6 +215,9 @@ items:
- name: cni-conf
hostPath:
path: /etc
- name: cni-machine-id
hostPath:
path: /etc/machine-id
- name: dbus
hostPath:
path: /var/lib/dbus
Expand Down
6 changes: 6 additions & 0 deletions prog/weave-kube/weave-daemonset-k8s-1.9.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -169,6 +169,9 @@ items:
- name: dbus
mountPath: /host/var/lib/dbus
readOnly: true
- mountPath: /host/etc/machine-id
name: cni-machine-id
readOnly: true
- name: xtables-lock
mountPath: /run/xtables.lock
readOnly: false
Expand Down Expand Up @@ -216,6 +219,9 @@ items:
- name: cni-conf
hostPath:
path: /etc
- name: cni-machine-id
hostPath:
path: /etc/machine-id
- name: dbus
hostPath:
path: /var/lib/dbus
Expand Down