openstack/openstack-helm
Code Issues Proposed changes

Nova: Mount cgroups read only

Browse Source 
This PS updates the mount options for the nova-compute pod to mount
cgroups as read only within the pod.

Change-Id: I82e958c2865029cd4a093f62614a1e878075098a
Signed-off-by: Pete Birley <pete@port.direct>
This commit is contained in:
Pete Birley 2018-11-28 12:17:08 -06:00 committed by Achal
parent c20d358c60
commit bb7b973258
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
nova/templates/daemonset-compute.yaml
View File

@ -248,6 +248,7 @@ spec:
mountPath: /run
- name: cgroup
mountPath: /sys/fs/cgroup
readOnly: true
- name: pod-shared
mountPath: /tmp/pod-shared
- name: machine-id