diff --git a/pkg/controller/druid/handler.go b/pkg/controller/druid/handler.go
index 22bfad0f..e3fc907b 100644
--- a/pkg/controller/druid/handler.go
+++ b/pkg/controller/druid/handler.go
@@ -578,10 +578,12 @@ func makeStatefulSet(nodeSpec *v1alpha1.DruidNodeSpec, m *v1alpha1.Druid, ls map
 {
 MountPath: firstNonEmptyStr(m.Spec.CommonConfigMountPath, defaultCommonConfigMountPath),
 Name: "common-config-volume",
+ ReadOnly: true,
 },
 {
 MountPath: firstNonEmptyStr(nodeSpec.NodeConfigMountPath, defaultNodeConfigMountPath),
 Name: "nodetype-config-volume",
+ ReadOnly: true,
 },
 }
diff --git a/pkg/controller/druid/testdata/broker-statefulset.yaml b/pkg/controller/druid/testdata/broker-statefulset.yaml
index 039b4608..b002e018 100644
--- a/pkg/controller/druid/testdata/broker-statefulset.yaml
+++ b/pkg/controller/druid/testdata/broker-statefulset.yaml
@@ -8,7 +8,7 @@ metadata:
 name: druid-druid-test-brokers
 namespace: test-namespace
 annotations:
- druidOpResourceHash: JvDKxq3cBaf0FBXMscfcQ/RXrcs=
+ druidOpResourceHash: OnEopGbFnwSCMqd84ePrk0Kvd9o=
 spec:
 podManagementPolicy: Parallel
 replicas: 2
@@ -59,10 +59,13 @@ spec:
 memory: 2Gi
 volumeMounts:
 - mountPath: /druid/conf/druid/_common
+ readOnly: true
 name: common-config-volume
 - mountPath: /druid/conf/druid/broker
+ readOnly: true
 name: nodetype-config-volume
 - mountPath: /druid/data
+ readOnly: true
 name: data-volume
 securityContext:
 fsGroup: 107
diff --git a/pkg/controller/druid/testdata/druid-test-cr.yaml b/pkg/controller/druid/testdata/druid-test-cr.yaml
index 56b35084..4f360088 100644
--- a/pkg/controller/druid/testdata/druid-test-cr.yaml
+++ b/pkg/controller/druid/testdata/druid-test-cr.yaml
@@ -159,6 +159,7 @@ spec:
 volumeMounts:
 - mountPath: /druid/data
 name: data-volume
+ readOnly: true
 resources:
 requests:
 memory: "2Gi"
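Review bot: The two `ReadOnly: true` fields added to the config mounts in makeStatefulSet are unconditional and carry no comment stating the hardening intent, so a later refactor of this slice could drop them unnoticed. I would add `// Config volumes are mounted read-only so the running process cannot modify its own configuration.` above the first entry. Because the generated pod template now differs for every cluster, the `druidOpResourceHash` changes as well (the broker fixture in this commit shows a new value), which presumably causes every StatefulSet to be rolled on operator upgrade and deserves a release-note line. Any image whose entrypoint writes under the config mount paths would begin to fail; that cannot be confirmed from this hunk, and the function body starts and ends outside it.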
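Review bot: Adding `readOnly: true` to the `data-volume` mount in the test CR makes every mount in the expected broker StatefulSet read-only, so the fixture can no longer tell operator-forced flags from user-supplied ones. A regression that marked all mounts read-only would still pass this test. I would leave this mount without the flag, or add a second user-supplied mount without it, so the expected output keeps at least one writable mount. `/druid/data` also looks like a data directory (inferred from the path only), so a read-only example here may mislead readers who copy the CR.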