Adding missing readOnlyRootFilesystem flag for container security context

Change-Id: Id11292ec0a76dbf659e918833859b9109c07cc18
2019-11-05 15:40:36 -06:00 · 2019-11-05 15:40:36 -06:00 · c2bd947787
parent efe3d3cf19
commit c2bd947787
2 changed files with 2 additions and 4 deletions
--- a/horizon/templates/deployment.yaml
+++ b/horizon/templates/deployment.yaml
@ -60,9 +60,6 @@ spec:
 {{ tuple $envAll "horizon" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
 {{ dict "envAll" $envAll "application" "horizon" "container" "horizon" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
-          securityContext:
-            runAsUser: 0
-            allowPrivilegeEscalation: false
          command:
            - /tmp/horizon.sh
            - start
--- a/horizon/values.yaml
+++ b/horizon/values.yaml
@ -2028,8 +2028,9 @@ pod:
        runAsUser: 42424
      container:
        horizon:
-          readOnlyRootFilesystem: true
+          readOnlyRootFilesystem: false
          allowPrivilegeEscalation: false
+          runAsUser: 0
  affinity:
    anti:
      type: