From 73eec6f9273490b0e8c4fb709d54ed4ee50fac13 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Fern=C3=A1ndez=20L=C3=B3pez?= Date: Thu, 20 Jan 2022 12:16:45 +0200 Subject: [PATCH] Mount /tmp as an empty dir to store policies --- .../pkg/admission/policy-server-deployment.go | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/internal/pkg/admission/policy-server-deployment.go b/internal/pkg/admission/policy-server-deployment.go index cc89f16e..2da02c66 100644 --- a/internal/pkg/admission/policy-server-deployment.go +++ b/internal/pkg/admission/policy-server-deployment.go @@ -193,6 +193,9 @@ func (r *Reconciler) deployment(configMapVersion string, policyServer *policiesv dockerConfigJSONPolicyServerPath = "/home/kubewarden/.docker" ) + policyStoreVolume := "policy-store" + policyStoreVolumePath := "/tmp" + admissionContainer := corev1.Container{ Name: policyServer.NameWithPrefix(), Image: policyServer.Spec.Image, @@ -207,6 +210,10 @@ func (r *Reconciler) deployment(configMapVersion string, policyServer *policiesv ReadOnly: true, MountPath: policiesConfigContainerPath, }, + { + Name: policyStoreVolume, + MountPath: policyStoreVolumePath, + }, }, Env: append([]corev1.EnvVar{ { @@ -223,7 +230,7 @@ func (r *Reconciler) deployment(configMapVersion string, policyServer *policiesv }, { Name: "KUBEWARDEN_POLICIES_DOWNLOAD_DIR", - Value: "/tmp/", + Value: policyStoreVolumePath, }, { Name: "KUBEWARDEN_POLICIES", @@ -322,6 +329,12 @@ func (r *Reconciler) deployment(configMapVersion string, policyServer *policiesv Containers: []corev1.Container{admissionContainer}, ServiceAccountName: policyServer.Spec.ServiceAccountName, Volumes: []corev1.Volume{ + { + Name: policyStoreVolume, + VolumeSource: corev1.VolumeSource{ + EmptyDir: &corev1.EmptyDirVolumeSource{}, + }, + }, { Name: certsVolumeName, VolumeSource: corev1.VolumeSource{