Set readOnlyRootFileSystem on Argo Workflow pods

Description: - As part of alphagov/govuk-helm-charts#1883
alphagov · Nov 27, 2024 · 100f300 · 100f300
1 parent e56ffcb
commit 100f300
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/terraform/deployments/cluster-services/argo.tf b/terraform/deployments/cluster-services/argo.tf
@@ -267,6 +267,7 @@ resource "helm_release" "argo_workflows" {
         }
       }
       securityContext = {
+        readOnlyRootFileSystem   = true
         allowPrivilegeEscalation = false
         capabilities = {
           drop = ["ALL"]
@@ -276,6 +277,7 @@ resource "helm_release" "argo_workflows" {
 
     mainContainer = {
       securityContext = {
+        readOnlyRootFileSystem   = true
         allowPrivilegeEscalation = false
         capabilities = {
           drop = ["ALL"]