Set readOnlyRootFilesystem to false by default (#362)

application-stacks · Apr 4, 2022 · 8e29709 · 8e29709
1 parent 044b87e
commit 8e29709
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/utils/utils.go b/utils/utils.go
@@ -1102,8 +1102,9 @@ func getSecurityContext(ba common.BaseComponent) *corev1.SecurityContext {
 		Capabilities: &corev1.Capabilities{
 			Drop: cap,
 		},
-		Privileged:   &valFalse,
-		RunAsNonRoot: &valTrue,
+		Privileged:             &valFalse,
+		ReadOnlyRootFilesystem: &valFalse,
+		RunAsNonRoot:           &valTrue,
 	}
 
 	// Customize security context
@@ -1117,6 +1118,9 @@ func getSecurityContext(ba common.BaseComponent) *corev1.SecurityContext {
 		if baSecurityContext.Privileged == nil {
 			baSecurityContext.Privileged = secContext.Privileged
 		}
+		if baSecurityContext.ReadOnlyRootFilesystem == nil {
+			baSecurityContext.ReadOnlyRootFilesystem = secContext.ReadOnlyRootFilesystem
+		}
 		if baSecurityContext.RunAsNonRoot == nil {
 			baSecurityContext.RunAsNonRoot = secContext.RunAsNonRoot
 		}