From 6a417cde2a5818072a1b44a78d151c5b67336829 Mon Sep 17 00:00:00 2001
From: Hugo Ares
Date: Tue, 29 Aug 2023 09:19:39 -0400
Subject: [PATCH] fix(HACBS-2481): set readOnlyRootFilesystem for controller-manager

This is addressing an issue reported by kube-linter.

Signed-off-by: Hugo Ares
---
 config/default/manager_auth_proxy_patch.yaml | 2 ++
 config/manager/manager.yaml | 1 +
 2 files changed, 3 insertions(+)

diff --git a/config/default/manager_auth_proxy_patch.yaml b/config/default/manager_auth_proxy_patch.yaml
index 45be3188..23d6f4a8 100644
--- a/config/default/manager_auth_proxy_patch.yaml
+++ b/config/default/manager_auth_proxy_patch.yaml
@@ -27,6 +27,8 @@ spec:
 requests:
 cpu: 5m
 memory: 64Mi
+ securityContext:
+ readOnlyRootFilesystem: true
 - name: manager
 args:
 - "--health-probe-bind-address=:8081"
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
index b86b00a0..a72c6ddc 100644
--- a/config/manager/manager.yaml
+++ b/config/manager/manager.yaml
@@ -35,6 +35,7 @@ spec:
 name: manager
 securityContext:
 allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
 livenessProbe:
 httpGet:
 path: /healthz
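Review bot: In config/default/manager_auth_proxy_patch.yaml, the new `securityContext` on the container ahead of `- name: manager` sets only `readOnlyRootFilesystem: true`, while the manager container in config/manager/manager.yaml also carries `allowPrivilegeEscalation: false`. I would add `allowPrivilegeEscalation: false` under the new `securityContext:` so both containers in the pod share the same baseline; going by the file name this is presumably the auth-proxy sidecar, which is the network-facing one. The container's definition starts above the hunk, so also confirm it does not already have a `securityContext` key further up, since most YAML parsers silently keep only the last duplicate.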
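Review bot: In config/manager/manager.yaml, once `readOnlyRootFilesystem: true` applies to the manager container, any write outside a mounted volume fails only at runtime, and nothing in this hunk shows a writable mount. It is worth confirming the manager starts and reconciles with this setting, and recording the constraint next to the field, for example `# root FS is read-only: writable paths (e.g. /tmp) need an explicit emptyDir mount`. The container spec begins above the hunk and continues past `path: /healthz`, so volume mounts may exist outside the visible lines.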