Merge pull request #1536 from alphagov/set-readonlyrootfilesystem-on-…

…argo-workflow-pods Set readOnlyRootFileSystem on Argo Workflow pods
alphagov · Nov 27, 2024 · e7e840d · e7e840d
2 parents e56ffcb + 100f300
commit e7e840d
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/terraform/deployments/cluster-services/argo.tf b/terraform/deployments/cluster-services/argo.tf
@@ -267,6 +267,7 @@ resource "helm_release" "argo_workflows" {
         }
       }
       securityContext = {
+        readOnlyRootFileSystem   = true
         allowPrivilegeEscalation = false
         capabilities = {
           drop = ["ALL"]
@@ -276,6 +277,7 @@ resource "helm_release" "argo_workflows" {
 
     mainContainer = {
       securityContext = {
+        readOnlyRootFileSystem   = true
         allowPrivilegeEscalation = false
         capabilities = {
           drop = ["ALL"]