Revisions
tallclair created this gist
Mar 9, 2018
@@ -0,0 +1,38 @@ # Example of using an InitContainer in place of a GitRepo volume. # Unilke GitRepo volumes, this approach runs the git command in a container, # with the associated hardening. apiVersion: v1 kind: Pod metadata: name: git-repo-demo annotations: seccomp.security.alpha.kubernetes.io/pod: 'docker/default' spec: initContainers: # This container clones the desired git repo to the EmptyDir volume. - name: git-clone image: alpine/git # Any image with git will do args: - clone - --single-branch - -- - https://github.com/kubernetes/kubernetes # Your repo - /repo # Put it in the volume securityContext: runAsUser: 1 # Any non-root user will do. Match to the workload. allowPrivilegeEscalation: false readOnlyRootFilesystem: true volumeMounts: - name: git-repo mountPath: /repo containers: # Replace with your actual workload. - name: busybox image: busybox args: ['sleep', '100000'] # Do nothing volumeMounts: - name: git-repo mountPath: /repo volumes: - name: git-repo emptyDir: {}
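Review bot: In the `git-clone` init container, `image: alpine/git` carries no tag or digest, so the pod runs whatever that name resolves to at pull time; pin it to a specific tag or an `@sha256:` digest so the container that performs the clone is the one that was reviewed. The `securityContext` (`runAsUser: 1`, `allowPrivilegeEscalation: false`, `readOnlyRootFilesystem: true`) is set only on the init container, while the `busybox` container mounts `/repo` read-write with no `securityContext` of its own; if the workload only reads the checkout, add `readOnly: true` to its `volumeMounts` entry and give it matching settings, since the header comment presents hardening as the reason for this approach. Minor: "Unilke" in the second comment line should be "Unlike".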