Skip to content

Commit

Permalink
Merge pull request #144 from ereslibre/create-policy-server-tmp-volume
Browse files Browse the repository at this point in the history 
Mount /tmp as an empty dir to store policies
  • Loading branch information
@flavio
flavio authored Jan 20, 2022
2 parents 6013ca6 + 73eec6f commit 0290421
Showing 1 changed file with 14 additions and 1 deletion.
15 changes: 14 additions & 1 deletion internal/pkg/admission/policy-server-deployment.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -193,6 +193,9 @@ func (r *Reconciler) deployment(configMapVersion string, policyServer *policiesv
dockerConfigJSONPolicyServerPath = "/home/kubewarden/.docker"
)

policyStoreVolume := "policy-store"
policyStoreVolumePath := "/tmp"

admissionContainer := corev1.Container{
Name: policyServer.NameWithPrefix(),
Image: policyServer.Spec.Image,
Expand All @@ -207,6 +210,10 @@ func (r *Reconciler) deployment(configMapVersion string, policyServer *policiesv
ReadOnly: true,
MountPath: policiesConfigContainerPath,
},
{
Name: policyStoreVolume,
MountPath: policyStoreVolumePath,
},
},
Env: append([]corev1.EnvVar{
{
Expand All @@ -223,7 +230,7 @@ func (r *Reconciler) deployment(configMapVersion string, policyServer *policiesv
},
{
Name: "KUBEWARDEN_POLICIES_DOWNLOAD_DIR",
Value: "/tmp/",
Value: policyStoreVolumePath,
},
{
Name: "KUBEWARDEN_POLICIES",
Expand Down Expand Up @@ -322,6 +329,12 @@ func (r *Reconciler) deployment(configMapVersion string, policyServer *policiesv
Containers: []corev1.Container{admissionContainer},
ServiceAccountName: policyServer.Spec.ServiceAccountName,
Volumes: []corev1.Volume{
{
Name: policyStoreVolume,
VolumeSource: corev1.VolumeSource{
EmptyDir: &corev1.EmptyDirVolumeSource{},
},
},
{
Name: certsVolumeName,
VolumeSource: corev1.VolumeSource{
Expand Down

0 comments on commit 0290421

Please sign in to comment.