From 2fefd6c56aec9342dc544becb69b1b9ad682ede7 Mon Sep 17 00:00:00 2001
From: pd2839 <pd2839@att.com>
Date: Tue, 5 Mar 2019 13:55:25 -0600
Subject: [PATCH] readOnlyFilesystem: true for horizon chart

Fix for adding readOnlyFilesystem flag at pod level

Change-Id: I9ec373816987a4c91cb4aeab5ab0b2433215f136
---
 horizon/templates/deployment.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/horizon/templates/deployment.yaml b/horizon/templates/deployment.yaml
index 30aea1fc14..466ff4ea6e 100644
--- a/horizon/templates/deployment.yaml
+++ b/horizon/templates/deployment.yaml
@@ -46,6 +46,8 @@ spec:
         configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
         configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
     spec:
+      securityContext:
+        readOnlyRootFilesystem: true
       serviceAccountName: {{ $serviceAccountName }}
 {{ dict "envAll" $envAll "application" "horizon" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
       affinity: