From 9a34331bcfc91bc5a063f7025bcbfa6acf51ad91 Mon Sep 17 00:00:00 2001 From: Rahul Khiyani Date: Tue, 26 Feb 2019 05:13:32 -0500 Subject: [PATCH] readOnlyFilesystem: true for ingress chart Fix for adding readOnlyFilesystem flag at pod level Change-Id: Icc8fa3aae2d80e1038d7335af9a0a51885f9dad8 --- ingress/templates/deployment-ingress.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ingress/templates/deployment-ingress.yaml b/ingress/templates/deployment-ingress.yaml index f5b448ebb..29feaa303 100644 --- a/ingress/templates/deployment-ingress.yaml +++ b/ingress/templates/deployment-ingress.yaml @@ -175,6 +175,8 @@ spec: {{ tuple $envAll "ingress" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} app: ingress-api spec: + securityContext: + readOnlyRootFilesystem: true shareProcessNamespace: true serviceAccountName: {{ $serviceAccountName }} {{- if eq .Values.deployment.type "Deployment" }}