Skip to content
Permalink
Browse files

feat: set volumes as readonly and disable modules

  • Loading branch information...
etienne-napoleone committed May 9, 2019
1 parent db00a71 commit 4687675ef16480baf89e19caf776dfac1d3e0684
@@ -30,12 +30,14 @@ resource "kubernetes_daemonset" "netdata-slave" {
mount_path = "/etc/netdata/stream.conf"
name = "slave-stream-conf"
sub_path = "stream.conf"
read_only = true
}

volume_mount {
mount_path = "/etc/netdata/netdata.conf"
name = "slave-netdata-conf"
sub_path = "netdata.conf"
read_only = true
}

volume_mount {
@@ -58,7 +60,7 @@ resource "kubernetes_daemonset" "netdata-slave" {

security_context {
"capabilities" = {
"add" = ["SYS_PTRACE"]
"add" = ["SYS_PTRACE", "SYS_ADMIN"]
}
}
}
@@ -3,3 +3,13 @@
history = 12000
[web]
web server threads = 4
[plugins]
cgroups = no
tc = no
enable running new plugins = no
check for new plugins every = 72000
python.d = no
charts.d = no
go.d = no
node.d = no
apps = yes

0 comments on commit 4687675

Please sign in to comment.
You can’t perform that action at this time.