From 1d2738d4b81462711e57f4a17577c0cf606e2320 Mon Sep 17 00:00:00 2001 From: Mike Bryant Date: Thu, 14 Dec 2023 15:20:08 +0000 Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20Add=20/tmp=20volume=20for=20sqli?= =?UTF-8?q?te?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The volume is required for temporary files, when the root filesystem is readonly Signed-off-by: Mike Bryant --- charts/policy-reporter/Chart.yaml | 2 +- charts/policy-reporter/templates/deployment.yaml | 8 ++++++++ charts/policy-reporter/values.yaml | 5 +++++ 3 files changed, 14 insertions(+), 1 deletion(-) diff --git a/charts/policy-reporter/Chart.yaml b/charts/policy-reporter/Chart.yaml index 77ae76df..c740be79 100644 --- a/charts/policy-reporter/Chart.yaml +++ b/charts/policy-reporter/Chart.yaml @@ -5,7 +5,7 @@ description: | It creates Prometheus Metrics and can send rule validation events to different targets like Loki, Elasticsearch, Slack or Discord type: application -version: 2.21.4 +version: 2.21.5 appVersion: 2.17.4 icon: https://github.com/kyverno/kyverno/raw/main/img/logo.png diff --git a/charts/policy-reporter/templates/deployment.yaml b/charts/policy-reporter/templates/deployment.yaml index 34edcb20..140d4e7c 100644 --- a/charts/policy-reporter/templates/deployment.yaml +++ b/charts/policy-reporter/templates/deployment.yaml @@ -88,6 +88,8 @@ spec: subPath: config.yaml {{- end }} readOnly: true + - name: tmp + mountPath: /tmp {{- with .Values.extraVolumes.volumeMounts }} {{ toYaml . | nindent 10 | trim }} {{- end }} @@ -120,6 +122,12 @@ spec: secretName: {{ include "policyreporter.fullname" . }}-config {{- end }} optional: true + - name: tmp + {{- if .Values.tmpVolume }} + {{- toYaml .Values.tmpVolume | nindent 8 }} + {{- else }} + emptyDir: {} + {{- end }} {{- with .Values.extraVolumes.volumes }} {{ toYaml . | nindent 6 | trim }} {{- end }} 
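Review bot: The added `- name: tmp` / `mountPath: /tmp` entry is rendered unconditionally, ahead of `.Values.extraVolumes.volumeMounts`, and the matching `- name: tmp` volume in the second hunk of this file is likewise emitted ahead of `.Values.extraVolumes.volumes`. A release that already supplies its own `/tmp` mount or a volume named `tmp` through `extraVolumes` (a plausible earlier workaround for a read-only root filesystem) would then render a duplicate mount path or volume name, and the Deployment would be rejected on upgrade. At minimum, reserve the name where users will see it, for example in values.yaml: `# The volume name "tmp" and the mount path /tmp are managed by the chart; do not redefine them in extraVolumes.` The container spec starts and ends outside the hunk, so whether the read-only root filesystem is the chart default cannot be confirmed from here.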
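Review bot: The fallback `emptyDir: {}` in the `{{- else }}` branch carries no `sizeLimit`, so the only writable path left when the root filesystem is read-only is bounded solely by the pod's ephemeral-storage limit, if one is set, or by node-pressure eviction. Since the commit exists to support a hardened, read-only container, a bounded default would fit better, e.g. `emptyDir:` followed by `sizeLimit: {{ .Values.tmpVolumeSizeLimit }}` (placeholder key name) or a fixed value. The `10Mi` shown commented out in the values.yaml hunk may be too small, because how much sqlite spills to /tmp is not visible here. The `volumes:` list begins and continues outside the hunk.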
diff --git a/charts/policy-reporter/values.yaml b/charts/policy-reporter/values.yaml
index 2acfee29..f49c8a1e 100644
--- a/charts/policy-reporter/values.yaml
+++ b/charts/policy-reporter/values.yaml
@@ -742,3 +742,8 @@ extraVolumes:
 sqliteVolume: {}
 # emptyDir:
 # sizeLimit: 10Mi
+
+# If set the volume for /tmp is freely configurable below "- name: tmp". If no value is set an emptyDir is used.
+tmpVolume: {}
+ # emptyDir:
+ # sizeLimit: 10Mi
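Review bot: The comment above `tmpVolume: {}` does not say what shape the value must have or why the volume exists. The template in deployment.yaml renders the map verbatim under `- name: tmp`, so it has to hold exactly one Kubernetes volume source. I would reword the comment to something like `# Volume source for the chart-managed /tmp mount (needed when the root filesystem is read-only). Set exactly one source, e.g. emptyDir with a sizeLimit; if left empty, an emptyDir without sizeLimit is used.` It is also worth stating that a node-shared source such as `hostPath` is not recommended for a scratch directory.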