Merge pull request #136 from razo7/read-only-pod-fs

openshift-merge-bot[bot] · web-flow · commit 2bbe58fee1f4 · 2024-12-11T07:44:37.000Z
Limit Access to the pod's Root File System
diff --git a/bundle/manifests/node-maintenance-operator.clusterserviceversion.yaml b/bundle/manifests/node-maintenance-operator.clusterserviceversion.yaml
@@ -283,6 +283,7 @@ spec:
                   capabilities:
                     drop:
                     - ALL
+                  readOnlyRootFilesystem: true
               priorityClassName: system-cluster-critical
               securityContext:
                 runAsNonRoot: true
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
@@ -67,6 +67,7 @@ spec:
         name: manager
         securityContext:
           allowPrivilegeEscalation: false
+          readOnlyRootFilesystem: true
           capabilities:
             drop:
             - "ALL"
