Enable readOnlyRootFilesystem by default

Signed-off-by: Richard Wall <richard.wall@venafi.com>
Richard Wall 2023-10-31 09:55:23 +00:00
parent 9dfb7c3ecf
commit 6d206795c7


@ -181,7 +181,7 @@ containerSecurityContext:
capabilities:
drop:
- ALL
# readOnlyRootFilesystem: true
readOnlyRootFilesystem: true
# runAsNonRoot: true
@ -345,7 +345,7 @@ webhook:
capabilities:
drop:
- ALL
# readOnlyRootFilesystem: true
readOnlyRootFilesystem: true
# runAsNonRoot: true
# Optional additional annotations to add to the webhook Deployment
@ -548,7 +548,7 @@ cainjector:
capabilities:
drop:
- ALL
# readOnlyRootFilesystem: true
readOnlyRootFilesystem: true
# runAsNonRoot: true
@ -658,7 +658,7 @@ startupapicheck:
capabilities:
drop:
- ALL
# readOnlyRootFilesystem: true
readOnlyRootFilesystem: true
# runAsNonRoot: true
# Timeout for 'kubectl check api' command
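Review bot: The four `readOnlyRootFilesystem: true` defaults (the top-level `containerSecurityContext`, `webhook`, `cainjector` and `startupapicheck`) have no comment telling operators what to do when a container needs a writable path. After this change, any write to the root filesystem at runtime, such as temp files or caches, fails instead of succeeding, and existing installs pick that up on upgrade unless they override the value. I would add a line above each setting such as `# Root filesystem is mounted read-only; mount an emptyDir for any path that must be writable.` and mention the default change in the release notes. Separately, `# runAsNonRoot: true` stays commented out in all four blocks. The hunks do not show whether a pod-level securityContext already enforces it, so that is worth confirming to keep the hardening consistent. Each of these blocks starts and ends outside its hunk.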