From 213e35b1d7f1cc4c208b065e87ef7879912768f3 Mon Sep 17 00:00:00 2001
From: Xiangjing Li <55890329+xiangjingli@users.noreply.github.com>
Date: Mon, 29 Jan 2024 17:22:28 -0500
Subject: [PATCH] enable readOnlyRootFilesystem on cluster permission pod (#16)

Signed-off-by: Xiangjing Li <xiangli@redhat.com>
---
 chart/templates/cluster-permission.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/chart/templates/cluster-permission.yaml b/chart/templates/cluster-permission.yaml
index 998a81a..801928b 100644
--- a/chart/templates/cluster-permission.yaml
+++ b/chart/templates/cluster-permission.yaml
@@ -77,6 +77,7 @@ spec:
             drop:
             - ALL
           privileged: false
+          readOnlyRootFilesystem: true
         terminationMessagePath: /dev/termination-log
         terminationMessagePolicy: File
       hostIPC: false