metricServer can set readOnlyRootFilesystem=true #301

Closed
joebowbeer opened this issue Aug 11, 2022 · 3 comments · Fixed by #307

Comments

@joebowbeer
Contributor

joebowbeer commented Aug 11, 2022

The keda README in this repo states that metricServer cannot set readOnlyRootFilesystem=true:

    Metrics server needs to write the self-signed cert so it's not possible set this
    readOnlyRootFilesystem: true

but the FAQ says otherwise and provides instructions on how to do it when using the default generated cert:

Originally posted by @joebowbeer in #267 (comment)

      readOnlyRootFilesystem: true
    volumes:
      metricsApiServer:
        extraVolumes:
        - name: keda-volume
        extraVolumeMounts:
        - name: keda-volume
          mountPath: /apiserver.local.config/certificates/

Please add this secure snippet to the secure-by-default values, or add a reference to the FAQ in the comment.
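A check for the configuration in the post above, as an added example that is not part of the original issue or the KEDA chart: it confirms that a pod spec sets `readOnlyRootFilesystem: true` and still has a writable mount, backed by a declared volume, covering the certificate directory. The container name, the `emptyDir` volume source and the function names are assumptions; the sample pod specs are constructed.

```python
from posixpath import normpath

# Directory the snippet above mounts so the generated cert can be written.
CERT_DIR = "/apiserver.local.config/certificates/"

def covers(mount_path, target):
    """True when target is at or below mount_path."""
    m, t = normpath(mount_path), normpath(target)
    return t == m or t.startswith(m.rstrip("/") + "/")

def check_pod(pod_spec, writable_paths=(CERT_DIR,)):
    """Return findings for a pod spec dict; an empty list means it passes."""
    declared = {v.get("name") for v in pod_spec.get("volumes") or []}
    findings = []
    for c in pod_spec.get("containers") or []:
        name = c.get("name", "?")
        if (c.get("securityContext") or {}).get("readOnlyRootFilesystem") is not True:
            findings.append(f"{name}: readOnlyRootFilesystem is not true")
            continue
        for path in writable_paths:
            # A mount only helps if it covers the path and is not read-only itself.
            hits = [m for m in c.get("volumeMounts") or []
                    if covers(m.get("mountPath", ""), path) and not m.get("readOnly")]
            if not hits:
                findings.append(f"{name}: no writable mount covers {path}")
            findings += [f"{name}: mount {m.get('name')} has no matching volume"
                         for m in hits if m.get("name") not in declared]
    return findings

def sample_pod(read_only_root=True, mount=True, volume=True):
    """Build a constructed pod spec; the container name is hypothetical."""
    c = {"name": "metrics-apiserver",
         "securityContext": {"readOnlyRootFilesystem": read_only_root}}
    if mount:
        c["volumeMounts"] = [{"name": "keda-volume", "mountPath": CERT_DIR}]
    # emptyDir is an assumed volume source; the snippet above names the volume only.
    vols = [{"name": "keda-volume", "emptyDir": {}}] if volume else []
    return {"containers": [c], "volumes": vols}

if __name__ == "__main__":
    for label, pod in [("hardened", sample_pod()),
                       ("no mount", sample_pod(mount=False)),
                       ("mount without volume", sample_pod(volume=False)),
                       ("writable root", sample_pod(read_only_root=False))]:
        print(f"{label}: {check_pod(pod) or 'ok'}")
```
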

@joebowbeer joebowbeer changed the title metricServer can set readOnlyRootFilesystem=true metricServer *can* set readOnlyRootFilesystem=true Aug 11, 2022
@joebowbeer joebowbeer changed the title metricServer *can* set readOnlyRootFilesystem=true metricServer can set readOnlyRootFilesystem=true Aug 11, 2022
@JorTurFer
Member

@kedacore/keda-helm-maintainers ?

@tomkerkhove
Member

We can do it, but there seem to be some pre-requisites. I'd leave it up to @zroubalik as I'm not familiar with this enough

@joebowbeer
Contributor Author

joebowbeer commented Aug 12, 2022

I'm just pointing out that this section of the README is contradicted by the FAQ, and I'm suggesting ways to bring it into line, including a snippet for values that works with the default generated cert.

My PR that updated the FAQ is kedacore/keda-docs#830
