deploy: run all containers with read-only filesystem

Prevent potential abuse of the container storage a little more, by running all containers with a read-only filesystem. Signed-off-by: Niels de Vos <[email protected]>
csi-addons · Mar 5, 2024 · b2c2295 · b2c2295
1 parent 7eef960
commit b2c2295
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 0 deletions.
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
@@ -34,6 +34,7 @@ spec:
                   fieldPath: metadata.namespace
           securityContext:
             allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
           livenessProbe:
             httpGet:
               path: /healthz

diff --git a/deploy/controller/setup-controller.yaml b/deploy/controller/setup-controller.yaml
@@ -91,6 +91,7 @@ spec:
             memory: 64Mi
         securityContext:
           allowPrivilegeEscalation: false
+          readOnlyRootFilesystem: true
       securityContext:
         runAsNonRoot: true
       serviceAccountName: csi-addons-controller-manager