Gitjob container has writable /tmp dir

Also disable debug logging for tests, since it disables the security context too
rancher · Sep 11, 2024 · decbf9a · decbf9a
1 parent 23f0047
commit decbf9a
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 2 deletions.
diff --git a/.github/scripts/deploy-fleet.sh b/.github/scripts/deploy-fleet.sh
@@ -66,8 +66,7 @@ eventually helm upgrade --install fleet charts/fleet \
  $shards_settings \
  --set-string extraEnv[0].name=EXPERIMENTAL_OCI_STORAGE \
  --set-string extraEnv[0].value=true \
- --set garbageCollectionInterval=1s \
- --set debug=true --set debugLevel=1
+ --set garbageCollectionInterval=1s
 
 # wait for controller and agent rollout
 kubectl -n cattle-fleet-system rollout status deploy/fleet-controller

diff --git a/charts/fleet/templates/deployment_gitjob.yaml b/charts/fleet/templates/deployment_gitjob.yaml
@@ -102,6 +102,9 @@ spec:
  drop:
  - ALL
  {{- end }}
+ volumeMounts:
+ - mountPath: /tmp
+ name: tmp
  nodeSelector: {{ include "linux-node-selector" $shard.id | nindent 8 }}
 {{- if $.Values.nodeSelector }}
 {{ toYaml $.Values.nodeSelector | indent 8 }}
@@ -125,6 +128,9 @@ spec:
  runAsUser: 1000
  runAsGroup: 1000
 {{- end }}
+ volumes:
+ - name: tmp
+ emptyDir: {}
 {{- end }}
 ---
 {{- end }}