
readOnlyFilesystem: true for heat chart

fix for adding readOnlyFilesystem flag at pod level

Change-Id: I014cf0f9c6c19e900d3c210a7f52b4e941bc46e7
changes/47/639447/14
pd2839 3 months ago
parent
commit
294866a81c

+ 2
- 0
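--- a/heat/templates/deployment-api.yaml
+++ b/heat/templates/deployment-api.yaml
@@ -46,6 +46,8 @@ spec:
         configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
         configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
     spec:
+      securityContext:
+        readOnlyRootFilesystem: true
       serviceAccountName: {{ $serviceAccountName }}
 {{ dict "envAll" $envAll "application" "heat" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
       affinity: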
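Review bot: `readOnlyRootFilesystem` is a field of the container-level `securityContext`, not of the pod-level one, so the two lines added directly under the pod `spec:` are unlikely to take effect; an unknown field there is typically either rejected by validation or silently dropped. The `helm-toolkit.snippets.kubernetes_pod_security_context` include two lines further down presumably renders its own `securityContext:` key at the same indent, which would make the added key a duplicate that most YAML parsers resolve last-wins. The same two lines are added in deployment-cfn.yaml, deployment-cloudwatch.yaml and deployment-engine.yaml. I would drop them and set `readOnlyRootFilesystem: true` inside each container's `securityContext` instead, driven from the chart values if the toolkit offers a container-level snippet. Before merging, check the rendered manifest (`helm template`) to confirm the field lands on the containers and that every path the heat processes write to is backed by a writable volume such as an `emptyDir`.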

+ 2
- 0
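--- a/heat/templates/deployment-cfn.yaml
+++ b/heat/templates/deployment-cfn.yaml
@@ -46,6 +46,8 @@ spec:
         configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
         configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
     spec:
+      securityContext:
+        readOnlyRootFilesystem: true
       serviceAccountName: {{ $serviceAccountName }}
 {{ dict "envAll" $envAll "application" "heat" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
       affinity: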

+ 2
- 0
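--- a/heat/templates/deployment-cloudwatch.yaml
+++ b/heat/templates/deployment-cloudwatch.yaml
@@ -46,6 +46,8 @@ spec:
         configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
         configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
     spec:
+      securityContext:
+        readOnlyRootFilesystem: true
       serviceAccountName: {{ $serviceAccountName }}
 {{ dict "envAll" $envAll "application" "heat" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
       affinity: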

+ 2
- 0
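--- a/heat/templates/deployment-engine.yaml
+++ b/heat/templates/deployment-engine.yaml
@@ -54,6 +54,8 @@ spec:
         configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
 {{- end }}
     spec:
+      securityContext:
+        readOnlyRootFilesystem: true
       serviceAccountName: {{ $serviceAccountName }}
 {{ dict "envAll" $envAll "application" "heat" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
       affinity: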
