specify ReadOnlyRootFilesystem: false for pod security policies (#560)

Explicitly specify ReadOnlyRootFilesystem: false so kubernetes can pick a less restrictive policy the operator has access to.
2019-06-17 14:03:33 +02:00 · 2019-06-17 14:03:33 +02:00 · c65a9baedf
parent 44acd7e4db
commit c65a9baedf
1 changed files with 3 additions and 0 deletions
--- a/pkg/cluster/k8sres.go
+++ b/pkg/cluster/k8sres.go
@ -359,6 +359,8 @@ func generateContainer(
 	volumeMounts []v1.VolumeMount,
 	privilegedMode bool,
 ) *v1.Container {
+	falseBool := false
+
 	return &v1.Container{
 		Name:            name,
 		Image:           *dockerImage,
@ -382,6 +384,7 @@ func generateContainer(
 		Env:          envVars,
 		SecurityContext: &v1.SecurityContext{
 			Privileged: &privilegedMode,
+			ReadOnlyRootFilesystem: &falseBool,
 		},
 	}
 }