Add security context for the mount container

togashidm · killianmuldoon · commit 9f0c9ea61d16 · 2021-03-24T10:05:43.000Z
Mount container's root file system set as read-only in
the deployment file.
diff --git a/deploy/tas-deployment.yaml b/deploy/tas-deployment.yaml
@@ -30,7 +30,9 @@ spec:
         - --key=/tas/cert/tls.key
         - --cacert=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
         image: tas-extender
-        imagePullPolicy: IfNotPresent 
+        imagePullPolicy: IfNotPresent
+        securityContext:
+          readOnlyRootFilesystem: true 
         volumeMounts:
         - name: certs
           mountPath: /tas/cert
