diff --git a/charts/latest/csi-driver-nfs/templates/csi-nfs-controller.yaml b/charts/latest/csi-driver-nfs/templates/csi-nfs-controller.yaml
index 9190b673..fab3c95d 100644
--- a/charts/latest/csi-driver-nfs/templates/csi-nfs-controller.yaml
+++ b/charts/latest/csi-driver-nfs/templates/csi-nfs-controller.yaml
@@ -61,6 +61,8 @@ spec:
 - mountPath: /csi
 name: socket-dir
 resources: {{- toYaml .Values.controller.resources.csiProvisioner | nindent 12 }}
+ securityContext:
+ readOnlyRootFilesystem: true
 - name: liveness-probe
 image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
 args:
@@ -73,6 +75,8 @@ spec:
 - name: socket-dir
 mountPath: /csi
 resources: {{- toYaml .Values.controller.resources.livenessProbe | nindent 12 }}
+ securityContext:
+ readOnlyRootFilesystem: true
 - name: nfs
 image: "{{ .Values.image.nfs.repository }}:{{ .Values.image.nfs.tag }}"
 securityContext:
@@ -80,6 +84,7 @@ spec:
 capabilities:
 add: ["SYS_ADMIN"]
 allowPrivilegeEscalation: true
+ readOnlyRootFilesystem: true
 imagePullPolicy: {{ .Values.image.nfs.pullPolicy }}
 args:
 - "--v={{ .Values.controller.logLevel }}"
diff --git a/charts/latest/csi-driver-nfs/templates/csi-nfs-node.yaml b/charts/latest/csi-driver-nfs/templates/csi-nfs-node.yaml
index b9f819fc..7a50edb8 100644
--- a/charts/latest/csi-driver-nfs/templates/csi-nfs-node.yaml
+++ b/charts/latest/csi-driver-nfs/templates/csi-nfs-node.yaml
@@ -51,6 +51,8 @@ spec:
 - name: socket-dir
 mountPath: /csi
 resources: {{- toYaml .Values.node.resources.livenessProbe | nindent 12 }}
+ securityContext:
+ readOnlyRootFilesystem: true
 - name: node-driver-registrar
 image: "{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}"
 livenessProbe:
@@ -85,6 +87,7 @@ spec:
 capabilities:
 add: ["SYS_ADMIN"]
 allowPrivilegeEscalation: true
+ readOnlyRootFilesystem: true
 image: "{{ .Values.image.nfs.repository }}:{{ .Values.image.nfs.tag }}"
 args :
 - "--v={{ .Values.node.logLevel }}"
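Review bot: The securityContext added to the csi-provisioner container in csi-nfs-controller.yaml (first hunk) sets only `readOnlyRootFilesystem: true`, so unless something outside the hunk overrides it the sidecar keeps the runtime's default capability set and may still gain privileges. The visible mounts show it using only the `/csi` socket directory, so the same block could also carry `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}`. The same applies to the liveness-probe blocks in the second hunk of this file and the first hunk of csi-nfs-node.yaml. These container definitions start above the hunks, so it is worth confirming that none of the sidecars writes outside a mounted volume once the root filesystem is read-only.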
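Review bot: In the nfs container of csi-nfs-controller.yaml (third hunk), `readOnlyRootFilesystem: true` sits next to `add: ["SYS_ADMIN"]` and `allowPrivilegeEscalation: true`, so it is not a strong boundary there: a process holding CAP_SYS_ADMIN can generally change mount flags, and the setting mainly guards against accidental or unprivileged writes. A comment such as `# defence in depth only; SYS_ADMIN is kept for mount operations` above the new line would stop readers from overestimating it. Every path the driver writes to or creates mount points under must now be backed by a volume; the volumeMounts are outside this hunk, so that needs checking against a provisioning run. The last hunk of csi-nfs-node.yaml makes the same change to the node plugin and deserves the same check.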
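Review bot: node-driver-registrar, the container that follows the liveness-probe block in the first hunk of csi-nfs-node.yaml, gets no `readOnlyRootFilesystem: true` in this diff, although every other container touched here does. Its definition runs past the end of the hunk, so it may already carry a securityContext or have a reason to stay writable; in that case a short comment such as `# rootfs left writable: <reason>` would make the omission read as deliberate. Otherwise adding the same two lines there would make the hardening uniform across the node pod.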