Revert "Add readOnlyRootFilesystem to security context (#2771) (#2789)"
This reverts commit b75d803.
David Yu authored Aug 25, 2023
1 parent 0cd68fc commit ef6088c
Showing 6 changed files with 0 additions and 25 deletions.
3 changes: 0 additions & 3 deletions .changelog/2789.txt

This file was deleted.

1 change: 0 additions & 1 deletion charts/consul/templates/_helpers.tpl
Expand Up @@ -19,7 +19,6 @@ as well as the global.name setting.
{{- if not .Values.global.enablePodSecurityPolicies -}}
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities:
drop:
- ALL
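Review bot: The restricted securityContext on the new side of this hunk has no `readOnlyRootFilesystem` setting, and neither the template nor the commit description ("This reverts commit b75d803") records why the hardening was dropped, so a later reader cannot tell a deliberate choice from an omission. Unless the flag is set elsewhere, containers that render this block run with a writable root filesystem, which is worth stating for anyone auditing the chart against a restricted pod profile. I would add a template comment directly after the `if` line, for example `{{- /* readOnlyRootFilesystem is intentionally unset; see the revert of #2789 for context */ -}}`, and name the failure that motivated the revert in the description. The same commit also removes the `tmp` emptyDir volumes and `/tmp` mounts from the gateway and server templates, so re-enabling the flag later needs those restored together; the helper definition starts and ends outside this hunk.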
7 changes: 0 additions & 7 deletions charts/consul/templates/ingress-gateways-deployment.yaml
Expand Up @@ -154,9 +154,6 @@ spec:
terminationGracePeriodSeconds: {{ default $defaults.terminationGracePeriodSeconds .terminationGracePeriodSeconds }}
serviceAccountName: {{ template "consul.fullname" $root }}-{{ .name }}
volumes:
- name: tmp
emptyDir:
medium: "Memory"
- name: consul-service
emptyDir:
medium: "Memory"
Expand Down Expand Up @@ -218,8 +215,6 @@ spec:
-log-level={{ default $root.Values.global.logLevel $root.Values.ingressGateways.logLevel }} \
-log-json={{ $root.Values.global.logJSON }}
volumeMounts:
- name: tmp
mountPath: /tmp
- name: consul-service
mountPath: /consul/service
{{- if $root.Values.global.tls.enabled }}
Expand All @@ -244,8 +239,6 @@ spec:
resources: {{ toYaml (default $defaults.resources .resources) | nindent 10 }}
{{- end }}
volumeMounts:
- name: tmp
mountPath: /tmp
- name: consul-service
mountPath: /consul/service
readOnly: true
5 changes: 0 additions & 5 deletions charts/consul/templates/server-statefulset.yaml
Expand Up @@ -141,8 +141,6 @@ spec:
{{- toYaml .Values.server.securityContext | nindent 8 }}
{{- end }}
volumes:
- name: tmp
emptyDir: {}
- name: config
configMap:
name: {{ template "consul.fullname" . }}-server-config
Expand Down Expand Up @@ -455,9 +453,6 @@ spec:
mountPath: /trusted-cas
readOnly: false
{{- end }}
- name: tmp
mountPath: /tmp
readOnly: false
ports:
{{- if (or (not .Values.global.tls.enabled) (not .Values.global.tls.httpsOnly)) }}
- name: http
7 changes: 0 additions & 7 deletions charts/consul/templates/terminating-gateways-deployment.yaml
Expand Up @@ -123,9 +123,6 @@ spec:
terminationGracePeriodSeconds: 10
serviceAccountName: {{ template "consul.fullname" $root }}-{{ .name }}
volumes:
- name: tmp
emptyDir:
medium: "Memory"
- name: consul-service
emptyDir:
medium: "Memory"
Expand Down Expand Up @@ -203,8 +200,6 @@ spec:
-log-level={{ default $root.Values.global.logLevel $root.Values.terminatingGateways.logLevel }} \
-log-json={{ $root.Values.global.logJSON }}
volumeMounts:
- name: tmp
mountPath: /tmp
- name: consul-service
mountPath: /consul/service
{{- if $root.Values.global.tls.enabled }}
Expand All @@ -226,8 +221,6 @@ spec:
image: {{ $root.Values.global.imageConsulDataplane | quote }}
{{- include "consul.restrictedSecurityContext" $ | nindent 10 }}
volumeMounts:
- name: tmp
mountPath: /tmp
- name: consul-service
mountPath: /consul/service
readOnly: true
2 changes: 0 additions & 2 deletions charts/consul/test/unit/server-statefulset.bats
Expand Up @@ -859,7 +859,6 @@ load _helpers
"drop": ["ALL"],
"add": ["NET_BIND_SERVICE"]
},
"readOnlyRootFilesystem": true,
"runAsNonRoot": true,
"seccompProfile": {
"type": "RuntimeDefault"
Expand Down Expand Up @@ -892,7 +891,6 @@ load _helpers
"drop": ["ALL"],
"add": ["NET_BIND_SERVICE"]
},
"readOnlyRootFilesystem": true,
"runAsNonRoot": true,
"seccompProfile": {
"type": "RuntimeDefault"
