components/*: Forbid write access to root filesystem

Signed-off-by: GitHub <noreply@github.com>
2022-01-27 09:13:18 +00:00
parent 48b2bb6a72
commit 57c46a2861
13 changed files with 33 additions and 5 deletions
--- a/manifests/kubeStateMetrics-deployment.yaml
+++ b/manifests/kubeStateMetrics-deployment.yaml
@@ -43,6 +43,7 @@ spec:
            memory: 190Mi
        securityContext:
          allowPrivilegeEscalation: false
+          readOnlyRootFilesystem: true
          runAsUser: 65534
      - args:
        - --logtostderr
@@ -63,6 +64,7 @@ spec:
            memory: 20Mi
        securityContext:
          allowPrivilegeEscalation: false
+          readOnlyRootFilesystem: true
          runAsGroup: 65532
          runAsNonRoot: true
          runAsUser: 65532
@@ -85,6 +87,7 @@ spec:
            memory: 20Mi
        securityContext:
          allowPrivilegeEscalation: false
+          readOnlyRootFilesystem: true
          runAsGroup: 65532
          runAsNonRoot: true
          runAsUser: 65532