prometheus/cadvisor
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge pull request #2029 from dashpole/update_security

Browse Source 
Update documentation to make /var/run read-only
This commit is contained in:
David Ashpole 2018-08-22 15:38:00 -07:00 committed by GitHub
commit 03b0cc3b9d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -13,7 +13,7 @@ To quickly tryout cAdvisor on your machine with Docker, we have a Docker image t
```
sudo docker run \
--volume=/:/rootfs:ro \
--volume=/var/run:/var/run:rw \
--volume=/var/run:/var/run:ro \
--volume=/sys:/sys:ro \
--volume=/var/lib/docker/:/var/lib/docker:ro \
--volume=/dev/disk/:/dev/disk:ro \

6
deploy/kubernetes/base/daemonset.yaml
View File

@ -30,6 +30,9 @@ spec:
- name: docker
mountPath: /var/lib/docker
readOnly: true
- name: disk
mountPath: /dev/disk
readOnly: true
ports:
- name: http
containerPort: 8080
@ -49,3 +52,6 @@ spec:
- name: docker
hostPath:
path: /var/lib/docker
- name: disk
hostPath:
path: /dev/disk