From 7c95885cb8a97d773fd30a8e97addad01feffe53 Mon Sep 17 00:00:00 2001
From: TIRUMALA MANNARU
Date: Fri, 25 Jul 2025 21:57:32 +0530
Subject: [PATCH 1/2] add emptydir volume for liberty serverdir and output directories
---
 internal/controller/operator/containers.go | 10 +++++++++-
 internal/controller/operator/deployment.go | 12 ++++++++++++
 2 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/internal/controller/operator/containers.go b/internal/controller/operator/containers.go
index d71b64d8..6cbf213e 100644
--- a/internal/controller/operator/containers.go
+++ b/internal/controller/operator/containers.go
@@ -342,7 +342,7 @@ func buildAuthServiceContainer(instance *operatorv1alpha1.Authentication, authSe
 },
 Privileged: &falseVar,
 RunAsNonRoot: &trueVar,
- ReadOnlyRootFilesystem: &falseVar,
+ ReadOnlyRootFilesystem: &trueVar,
 AllowPrivilegeEscalation: &falseVar,
 Capabilities: &corev1.Capabilities{
 Drop: []corev1.Capability{"ALL"},
@@ -378,6 +378,14 @@ func buildAuthServiceContainer(instance *operatorv1alpha1.Authentication, authSe
 Name: "pgsql-client-cred",
 MountPath: "/pgsql/clientinfo",
 },
+ {
+ Name: "liberty-serverdir-vol",
+ MountPath: "/opt/ibm/wlp/usr/servers/defaultServer",
+ },
+ {
+ Name: "liberty-outputdir-vol",
+ MountPath: "/opt/ibm/wlp/output/defaultServer",
+ },
 },
 ReadinessProbe: &corev1.Probe{
 ProbeHandler: corev1.ProbeHandler{
diff --git a/internal/controller/operator/deployment.go b/internal/controller/operator/deployment.go
index 5864e8d3..84485a6b 100644
--- a/internal/controller/operator/deployment.go
+++ b/internal/controller/operator/deployment.go
@@ -1031,5 +1031,17 @@ func buildIdpVolumes(ldapCACert string, routerCertSecret string) []corev1.Volume
 },
 },
 },
+ {
+ Name: "liberty-serverdir-vol",
+ VolumeSource: corev1.VolumeSource{
+ EmptyDir: &corev1.EmptyDirVolumeSource{},
+ },
+ },
+ {
+ Name: "liberty-outputdir-vol",
+ VolumeSource: corev1.VolumeSource{
+ EmptyDir: &corev1.EmptyDirVolumeSource{},
+ },
+ },
 }
 }
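Review bot: The `liberty-serverdir-vol` mount at `/opt/ibm/wlp/usr/servers/defaultServer` in the @@ -378 hunk puts an empty volume over a directory the image presumably ships content in, so anything baked in there is hidden at runtime unless something outside this hunk repopulates it. If only part of that tree has to be writable, mounting the narrower child directories keeps the image's server configuration visible and read-only. Otherwise a comment on the entry naming what fills the directory at startup would help, e.g. `// emptyDir shadows the image's defaultServer dir; repopulated by <startup step>`. The same question applies to the `/opt/ibm/auth-service` and `/opt/ibm/provider-data` mounts in PATCH 2/2; the VolumeMounts list itself starts outside the hunk.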
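Review bot: Both new `EmptyDirVolumeSource{}` literals in buildIdpVolumes leave `SizeLimit` unset, so writes into these volumes are bounded only by whatever ephemeral-storage limits the pod or node happens to apply. For a service whose write volume can be driven by incoming requests that is a disk-pressure risk; with a limit set, the kubelet evicts only this pod when it is exceeded, e.g. `EmptyDir: &corev1.EmptyDirVolumeSource{SizeLimit: &libertyDirLimit},` where `libertyDirLimit` is a `resource.Quantity` declared next to the function (name constructed for this note). The four volumes added to the same function in PATCH 2/2 have the same gap, and the function begins outside the hunk.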
From 9afc03cded2e2a77281b7aa13ac5e994a8c6b43f Mon Sep 17 00:00:00 2001
From: Raniprathyusha-Elaprolu
Date: Thu, 7 Aug 2025 15:29:49 +0530
Subject: [PATCH 2/2] Added volumes&volumemounts req
---
 internal/controller/operator/containers.go | 21 +++++++++++++++++--
 internal/controller/operator/deployment.go | 24 ++++++++++++++++++++++
 2 files changed, 43 insertions(+), 2 deletions(-)
diff --git a/internal/controller/operator/containers.go b/internal/controller/operator/containers.go
index 6cbf213e..c5a09dcd 100644
--- a/internal/controller/operator/containers.go
+++ b/internal/controller/operator/containers.go
@@ -386,6 +386,18 @@ func buildAuthServiceContainer(instance *operatorv1alpha1.Authentication, authSe
 Name: "liberty-outputdir-vol",
 MountPath: "/opt/ibm/wlp/output/defaultServer",
 },
+ {
+ Name: "liberty-logs-vol",
+ MountPath: "/logs",
+ },
+ {
+ Name: "liberty-tmp-vol",
+ MountPath: "/tmp",
+ },
+ {
+ Name: "auth-service-data-vol",
+ MountPath: "/opt/ibm/auth-service",
+ },
 },
 ReadinessProbe: &corev1.Probe{
 ProbeHandler: corev1.ProbeHandler{
@@ -702,7 +714,7 @@ func buildIdentityProviderContainer(instance *operatorv1alpha1.Authentication, i
 },
 Privileged: &falseVar,
 RunAsNonRoot: &trueVar,
- ReadOnlyRootFilesystem: &falseVar,
+ ReadOnlyRootFilesystem: &trueVar,
 AllowPrivilegeEscalation: &falseVar,
 Capabilities: &corev1.Capabilities{
 Drop: []corev1.Capability{"ALL"},
@@ -730,6 +742,11 @@ func buildIdentityProviderContainer(instance *operatorv1alpha1.Authentication, i
 Name: "pgsql-client-cred",
 MountPath: "/pgsql/clientinfo",
 },
+ {
+ Name: "provider-data-vol",
+ MountPath: "/opt/ibm/provider-data",
+ },
+
 },
 ReadinessProbe: &corev1.Probe{
 ProbeHandler: corev1.ProbeHandler{
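Review bot: `liberty-logs-vol` at `/logs` in the @@ -386 hunk is backed by an emptyDir in deployment.go, so whatever the auth service writes there is deleted together with the pod. If those files carry authentication or audit events, they should also reach stdout or a log forwarder, otherwise the record of a crashed or tampered pod disappears with it. A one-line comment on the mount would settle the question for later readers, e.g. `// scratch only; the same events are emitted on stdout`, if that is in fact the case.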
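Review bot: Switching `ReadOnlyRootFilesystem` to `&trueVar` in buildIdentityProviderContainer (@@ -702) leaves that container with `/opt/ibm/provider-data` as the only writable path this patch adds, and the same switch in buildIdentityManagerContainer (@@ -1070) comes with no new mount at all. The auth-service container needed `/tmp` and `/logs` to run read-only; if either of the other two processes writes temp files or logs to disk, those writes will now fail at runtime rather than at deploy time. It is worth confirming each container's write paths, and giving them their own `/tmp` emptyDir mount if needed, before merging. Both functions extend beyond their hunks, so mounts outside the visible lines may already cover this.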
@@ -1070,7 +1087,7 @@ func buildIdentityManagerContainer(instance *operatorv1alpha1.Authentication, id
 },
 Privileged: &falseVar,
 RunAsNonRoot: &trueVar,
- ReadOnlyRootFilesystem: &falseVar,
+ ReadOnlyRootFilesystem: &trueVar,
 AllowPrivilegeEscalation: &falseVar,
 Capabilities: &corev1.Capabilities{
 Drop: []corev1.Capability{"ALL"},
diff --git a/internal/controller/operator/deployment.go b/internal/controller/operator/deployment.go
index 84485a6b..c5490a3e 100644
--- a/internal/controller/operator/deployment.go
+++ b/internal/controller/operator/deployment.go
@@ -1043,5 +1043,29 @@ func buildIdpVolumes(ldapCACert string, routerCertSecret string) []corev1.Volume
 EmptyDir: &corev1.EmptyDirVolumeSource{},
 },
 },
+ {
+ Name: "liberty-logs-vol",
+ VolumeSource: corev1.VolumeSource{
+ EmptyDir: &corev1.EmptyDirVolumeSource{},
+ },
+ },
+ {
+ Name: "liberty-tmp-vol",
+ VolumeSource: corev1.VolumeSource{
+ EmptyDir: &corev1.EmptyDirVolumeSource{},
+ },
+ },
+ {
+ Name: "auth-service-data-vol",
+ VolumeSource: corev1.VolumeSource{
+ EmptyDir: &corev1.EmptyDirVolumeSource{},
+ },
+ },
+ {
+ Name: "provider-data-vol",
+ VolumeSource: corev1.VolumeSource{
+ EmptyDir: &corev1.EmptyDirVolumeSource{},
+ },
+ },
 }
 }
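Review bot: The volume names in the @@ -1043 hunk (`liberty-logs-vol`, `liberty-tmp-vol`, `auth-service-data-vol`, `provider-data-vol`) are repeated as string literals in the VolumeMounts in containers.go, and a mount whose name has no matching volume makes the API server reject the pod template. Declaring each name once, e.g. `const libertyTmpVolume = "liberty-tmp-vol"`, and using the constant in both files removes that failure mode. buildIdpVolumes starts outside the hunk.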