From ab86685bea6df436c93220ce63900549c19effff Mon Sep 17 00:00:00 2001 From: Rahul Khiyani Date: Wed, 27 Feb 2019 16:24:57 -0500 Subject: [PATCH] readOnlyFilesystem: true for elasticsearch chart Fix for adding readOnlyFilesystem flag at pod level Change-Id: Ife8d2b5ea02b4734ee4a83e868e16831e5f2b23f --- elasticsearch/templates/deployment-client.yaml | 2 ++ elasticsearch/templates/deployment-master.yaml | 2 ++ 2 files changed, 4 insertions(+) diff --git a/elasticsearch/templates/deployment-client.yaml b/elasticsearch/templates/deployment-client.yaml index da2d39f02..1c95c675b 100644 --- a/elasticsearch/templates/deployment-client.yaml +++ b/elasticsearch/templates/deployment-client.yaml @@ -82,6 +82,8 @@ spec: configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} {{ dict "envAll" $envAll "podName" "elasticsearch-client" "containerNames" (list "elasticsearch-client") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} spec: + securityContext: + readOnlyRootFilesystem: true serviceAccountName: {{ $serviceAccountName }} affinity: {{ tuple $envAll "elasticsearch" "client" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} diff --git a/elasticsearch/templates/deployment-master.yaml b/elasticsearch/templates/deployment-master.yaml index 3ca351682..f0273223a 100644 --- a/elasticsearch/templates/deployment-master.yaml +++ b/elasticsearch/templates/deployment-master.yaml @@ -80,6 +80,8 @@ spec: configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} {{ dict "envAll" $envAll "podName" "elasticsearch-master" "containerNames" (list "elasticsearch-master") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} spec: + securityContext: + readOnlyRootFilesystem: true serviceAccountName: {{ $serviceAccountName }} affinity: {{ tuple $envAll "elasticsearch" "master" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}