feat: add readOnlyRootFilesystem if possible

Signed-off-by: Jan Jansen <jan.jansen@gdata.de>

charts/latest/csi-driver-nfs/templates/csi-nfs-controller.yaml

@@ -61,6 +61,8 @@ spec:
             - mountPath: /csi
               name: socket-dir
           resources: {{- toYaml .Values.controller.resources.csiProvisioner | nindent 12 }}
+          securityContext:
+            readOnlyRootFilesystem: true
         - name: liveness-probe
           image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
           args:
@@ -73,6 +75,8 @@ spec:
             - name: socket-dir
               mountPath: /csi
           resources: {{- toYaml .Values.controller.resources.livenessProbe | nindent 12 }}
+          securityContext:
+            readOnlyRootFilesystem: true
         - name: nfs
           image: "{{ .Values.image.nfs.repository }}:{{ .Values.image.nfs.tag }}"
           securityContext:
@@ -80,6 +84,7 @@ spec:
             capabilities:
               add: ["SYS_ADMIN"]
             allowPrivilegeEscalation: true
+            readOnlyRootFilesystem: true
           imagePullPolicy: {{ .Values.image.nfs.pullPolicy }}
           args:
             - "--v={{ .Values.controller.logLevel }}"

charts/latest/csi-driver-nfs/templates/csi-nfs-node.yaml

@@ -51,6 +51,8 @@ spec:
             - name: socket-dir
               mountPath: /csi
           resources: {{- toYaml .Values.node.resources.livenessProbe | nindent 12 }}
+          securityContext:
+            readOnlyRootFilesystem: true
         - name: node-driver-registrar
           image: "{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}"
           livenessProbe:
@@ -85,6 +87,7 @@ spec:
             capabilities:
               add: ["SYS_ADMIN"]
             allowPrivilegeEscalation: true
+            readOnlyRootFilesystem: true
           image: "{{ .Values.image.nfs.repository }}:{{ .Values.image.nfs.tag }}"
           args :
             - "--v={{ .Values.node.logLevel }}"