ensure the /etc/os-release is mounted read only

2026-03-07 02:27:43 +03:00 · 2017-05-01 14:51:40 -04:00
parent ac9290f985
commit 0afbc19ffb
2 changed files with 2 additions and 2 deletions
--- a/roles/kubernetes/node/templates/kubelet.rkt.service.j2
+++ b/roles/kubernetes/node/templates/kubelet.rkt.service.j2
@@ -20,7 +20,7 @@ ExecStartPre=-/bin/mkdir -p /var/lib/kubelet
 EnvironmentFile={{kube_config_dir}}/kubelet.env
 # stage1-fly mounts /proc /sys /dev so no need to duplicate the mounts
 ExecStart=/usr/bin/rkt run \
-        --volume os-release,kind=host,source=/etc/os-release \
+        --volume os-release,kind=host,source=/etc/os-release,readOnly=true \
        --volume dns,kind=host,source=/etc/resolv.conf \
        --volume etc-kubernetes,kind=host,source={{ kube_config_dir }},readOnly=false \
        --volume etc-ssl-certs,kind=host,source=/etc/ssl/certs,readOnly=true \