From 8014fdcd043b0f6e1c76772d806c0bf1ce93a2ae Mon Sep 17 00:00:00 2001
From: esara <endresara@gmail.com>
Date: Wed, 31 Jan 2024 23:21:12 -0500
Subject: [PATCH] doc update for readOnlyRootFilesystem with using emptydir for
 /var/run/beyla

Signed-off-by: Endre Sara <endresara@gmail.com>
---
 docs/sources/setup/kubernetes.md         | 15 +++++++++------
 docs/sources/tutorial/k8s-walkthrough.md | 13 +++++++++----
 2 files changed, 18 insertions(+), 10 deletions(-)

diff --git a/docs/sources/setup/kubernetes.md b/docs/sources/setup/kubernetes.md
index aec8a74dd..1b4cc07e5 100644
--- a/docs/sources/setup/kubernetes.md
+++ b/docs/sources/setup/kubernetes.md
@@ -226,7 +226,6 @@ spec:
         - name: autoinstrument
           image: grafana/beyla:latest
           securityContext:
-            runAsUser: 0
             privileged: true
           env:
             # Select the executable by its name instead of BEYLA_OPEN_PORT
@@ -291,25 +290,29 @@ spec:
     spec:
       serviceAccountName: beyla
       hostPID: true #important!
-      volumes:
-        - name: beyla-config
-          configMap:
-            name: beyla-config
       containers:
         - name: beyla
           image: grafana/beyla:latest
           imagePullPolicy: IfNotPresent
           securityContext:
             privileged: true
+            readOnlyRootFilesystem: true
           # mount the previous ConfigMap as a folder
           volumeMounts:
             - mountPath: /config
               name: beyla-config
+            - mountPath: /var/run/beyla
+              name: var-run-beyla
           env:
             # tell beyla where to find the configuration file
             - name: BEYLA_CONFIG_PATH
               value: "/config/beyla-config.yml"
-
+      volumes:
+        - name: beyla-config
+          configMap:
+            name: beyla-config
+        - name: var-run-beyla
+          emptyDir: {}
 ```
 
 ## Providing secret configuration
diff --git a/docs/sources/tutorial/k8s-walkthrough.md b/docs/sources/tutorial/k8s-walkthrough.md
index 18df83253..8cbcc79b5 100644
--- a/docs/sources/tutorial/k8s-walkthrough.md
+++ b/docs/sources/tutorial/k8s-walkthrough.md
@@ -294,19 +294,18 @@ spec:
     spec:
       serviceAccountName: beyla
       hostPID: true # mandatory!
-      volumes:
-        - name: beyla-config
-          configMap:
-            name: beyla-config
       containers:
         - name: beyla
           image: grafana/beyla:1.2
           imagePullPolicy: IfNotPresent
           securityContext:
             privileged: true # mandatory!
+            readOnlyRootFilesystem: true
           volumeMounts:
             - mountPath: /config
               name: beyla-config
+            - mountPath: /var/run/beyla
+              name: var-run-beyla
           env:
             - name: BEYLA_CONFIG_PATH
               value: "/config/beyla-config.yml"
@@ -320,6 +319,12 @@ spec:
                 secretKeyRef:
                   name: grafana-credentials
                   key: otlp-headers
+      volumes:
+        - name: beyla-config
+          configMap:
+            name: beyla-config
+        - name: var-run-beyla
+          emptyDir: {}
 ```
 
 Also notice: