Introduce ReadOnlyRootFilesystem for Tornjak frontend (#110)

Signed-off-by: Mariusz Sabath <[email protected]>
spiffe · Nov 16, 2023 · c9885de · c9885de
1 parent 911f51b
commit c9885de
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 1 deletion.
diff --git a/charts/spire/charts/tornjak-frontend/templates/deployment.yaml b/charts/spire/charts/tornjak-frontend/templates/deployment.yaml
@@ -56,6 +56,8 @@ spec:
               mountPath: {{ .Values.workingDir }}/node_modules/.cache
             - name: env
               mountPath: {{ .Values.workingDir }}/build/tmp
+            - name: logs
+              mountPath: /opt/app-root/src/.npm/
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}
@@ -77,3 +79,5 @@ spec:
           emptyDir: {}
         - name: env
           emptyDir: {}
+        - name: logs
+          emptyDir: {}
diff --git a/examples/production/values.yaml b/examples/production/values.yaml
@@ -124,7 +124,7 @@ tornjak-frontend:
   securityContext:
     allowPrivilegeEscalation: false
     runAsNonRoot: true
-    readOnlyRootFilesystem: false
+    readOnlyRootFilesystem: true 
     capabilities:
       drop: [ALL]
     seccompProfile: