Skip to content

Commit

Permalink
Revert "Add SecurityContext to job container"
Browse files Browse the repository at this point in the history
This reverts commit 7b8d25c.
  • Loading branch information
raulcabello authored and manno committed Oct 16, 2023
1 parent 7b8d25c commit da0e013
Showing 1 changed file with 2 additions and 27 deletions.
29 changes: 2 additions & 27 deletions internal/cmd/controller/controllers/git/git.go
Original file line number Diff line number Diff line change
Expand Up @@ -474,16 +474,6 @@ func (h *handler) OnChange(gitrepo *fleet.GitRepo, status fleet.GitRepoStatus) (
WorkingDir: "/workspace/source",
VolumeMounts: volumeMounts,
Env: envs,
SecurityContext: &corev1.SecurityContext{
AllowPrivilegeEscalation: &[]bool{false}[0],
ReadOnlyRootFilesystem: &[]bool{true}[0],
Privileged: &[]bool{false}[0],
RunAsNonRoot: &[]bool{true}[0],
SeccompProfile: &corev1.SeccompProfile{
Type: corev1.SeccompProfileTypeRuntimeDefault,
},
Capabilities: &corev1.Capabilities{Drop: []corev1.Capability{"ALL"}},
},
},
},
NodeSelector: map[string]string{"kubernetes.io/os": "linux"},
Expand Down Expand Up @@ -610,14 +600,9 @@ func volumes(
gitrepo *fleet.GitRepo,
configMap *corev1.ConfigMap,
) ([]corev1.Volume, []corev1.VolumeMount) {
const (
emptyDirVolumeName = "fleet-empty-dir"
configVolumeName = "config"
)

volumes := []corev1.Volume{
{
Name: configVolumeName,
Name: "config",
VolumeSource: corev1.VolumeSource{
ConfigMap: &corev1.ConfigMapVolumeSource{
LocalObjectReference: corev1.LocalObjectReference{
Expand All @@ -626,23 +611,13 @@ func volumes(
},
},
},
{
Name: emptyDirVolumeName,
VolumeSource: corev1.VolumeSource{
EmptyDir: &corev1.EmptyDirVolumeSource{},
},
},
}

volumeMounts := []corev1.VolumeMount{
{
Name: configVolumeName,
Name: "config",
MountPath: "/run/config",
},
{
Name: emptyDirVolumeName,
MountPath: "/tmp",
},
}

if gitrepo.Spec.HelmSecretNameForPaths != "" {
Expand Down

0 comments on commit da0e013

Please sign in to comment.