From be45316771ca5fa0242a77711c3e47782b3a288c Mon Sep 17 00:00:00 2001
From: Rahul Khiyani <rk0850@att.com>
Date: Wed, 27 Feb 2019 16:33:25 -0500
Subject: [PATCH] readOnlyFilesystem: true for fluent-logging chart

Fix for adding readOnlyFilesystem flag at pod
level

Change-Id: I29224a4f0a6a9ac98dd6016eaf7215a99230328e
---
 fluent-logging/templates/deployment-fluentd.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/fluent-logging/templates/deployment-fluentd.yaml b/fluent-logging/templates/deployment-fluentd.yaml
index 8269a7c43..eb8fde0f8 100644
--- a/fluent-logging/templates/deployment-fluentd.yaml
+++ b/fluent-logging/templates/deployment-fluentd.yaml
@@ -94,6 +94,8 @@ spec:
         configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
         configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
     spec:
+      securityContext:
+        readOnlyRootFilesystem: true
 {{ dict "envAll" $envAll "application" "fluentd" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
       serviceAccountName: {{ $serviceAccountName }}
       affinity: