From bfa58f9177a3025b36b00ebcce3260c98e090b45 Mon Sep 17 00:00:00 2001
From: Rahul Khiyani <rk0850@att.com>
Date: Fri, 1 Mar 2019 17:08:20 -0500
Subject: [PATCH] readOnlyRootFilesystem: true for Prometheus chart

Fix for adding readOnlyRootFilesystem flag at pod
level

Change-Id: I04079be87780292da1bf9b2142f0a01a8b575b5b
---
 prometheus/templates/statefulset.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/prometheus/templates/statefulset.yaml b/prometheus/templates/statefulset.yaml
index 5b0184a26..b9401f8df 100644
--- a/prometheus/templates/statefulset.yaml
+++ b/prometheus/templates/statefulset.yaml
@@ -87,6 +87,8 @@ spec:
         configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
         configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
     spec:
+      securityContext:
+        readOnlyRootFilesystem: true
       serviceAccountName: {{ $serviceAccountName }}
       affinity:
 {{ tuple $envAll "prometheus" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}