Skip to content

Commit

Permalink
Merge branch 'main' into michals/mbe-576-add-mirrordclusterpolicy-crd
Browse files Browse the repository at this point in the history
  • Loading branch information
Razz4780 authored Dec 11, 2024
2 parents 33b731f + d4ef277 commit e8b4677
Showing 1 changed file with 9 additions and 4 deletions.
13 changes: 9 additions & 4 deletions mirrord-operator/templates/deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -33,16 +33,15 @@ spec:
- {{ toYaml . }}
{{- end }}
{{- end }}
{{/* Allow low port using ip_unprivileged_port_start */}}
{{- if lt (int .Values.operator.port) 1024 -}}
securityContext:
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
{{/* Allow low port using ip_unprivileged_port_start */}}
{{- if lt (int .Values.operator.port) 1024 -}}
sysctls:
- name: net.ipv4.ip_unprivileged_port_start
value: {{ .Values.operator.port | quote}}
{{- end }}
{{- end }}
{{- if .Values.operator.tolerations }}
tolerations:
{{- toYaml .Values.operator.tolerations | nindent 8 }}
Expand Down Expand Up @@ -145,6 +144,7 @@ spec:
securityContext:
allowPrivilegeEscalation: false
privileged: false
readOnlyRootFilesystem: true
volumeMounts:
{{- if or (index .Values.tls.data "tls.key") .Values.tls.certManager.enabled }}
- mountPath: /tls
Expand All @@ -156,6 +156,9 @@ spec:
- mountPath: /license
name: license-volume
{{- end }}
# needed for the operator to download and use CA
- mountPath: /tmp
name: tmp
serviceAccountName: {{ .Values.sa.name }}
volumes:
- name: mirrord-config-volume
Expand All @@ -176,3 +179,5 @@ spec:
secret:
secretName: {{ .Values.license.pemRef }}
{{- end }}
- emptyDir: {}
name: tmp

0 comments on commit e8b4677

Please sign in to comment.