Set readOnlyRootFilesystem as true for PAC resources (#1756)

Setting Controller, Webhook and Watcher Deployments securityContext readOnlyRootFilesystem to true to increase the security and to avoid being flagged by the security scanner. Signed-off-by: Savita Ashture <[email protected]>
openshift-pipelines · Aug 29, 2024 · 5c88f74 · 5c88f74
1 parent 2d465fe
commit 5c88f74
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 0 deletions.
diff --git a/config/400-controller.yaml b/config/400-controller.yaml
@@ -54,6 +54,7 @@ spec:
               containerPort: 9090
           securityContext:
             allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
             capabilities:
               drop:
                 - ALL

diff --git a/config/500-watcher.yaml b/config/500-watcher.yaml
@@ -67,6 +67,7 @@ spec:
             containerPort: 9090
           securityContext:
             allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
             capabilities:
               drop:
                 - ALL

diff --git a/config/600-webhook.yaml b/config/600-webhook.yaml
@@ -65,6 +65,7 @@ spec:
               containerPort: 8443
           securityContext:
             allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
             capabilities:
               drop:
                 - ALL