From cae1cc5e5f973ce61ce153bc3d29ef3b905785f7 Mon Sep 17 00:00:00 2001 From: Gabe Cook Date: Fri, 12 Apr 2024 12:16:24 -0500 Subject: [PATCH] chore(config): Enable `readOnlyRootFilesystem` --- config/default/manager_auth_proxy_patch.yaml | 1 + config/manager/manager.yaml | 1 + 2 files changed, 2 insertions(+) diff --git a/config/default/manager_auth_proxy_patch.yaml b/config/default/manager_auth_proxy_patch.yaml index 70c3437..07979a1 100644 --- a/config/default/manager_auth_proxy_patch.yaml +++ b/config/default/manager_auth_proxy_patch.yaml @@ -15,6 +15,7 @@ spec: capabilities: drop: - "ALL" + readOnlyRootFilesystem: true image: gcr.io/kubebuilder/kube-rbac-proxy:v0.15.0 args: - "--secure-listen-address=0.0.0.0:8443" diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index fb0b416..3be77da 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -77,6 +77,7 @@ spec: capabilities: drop: - "ALL" + readOnlyRootFilesystem: true livenessProbe: httpGet: path: /healthz