specify ReadOnlyRootFilesystem: false for pod security policies (zalando#560)

knan-nrk · FxKu · commit c65a9baedf20 · 2019-06-17T14:03:33.000+02:00
Explicitly specify ReadOnlyRootFilesystem: false so kubernetes can pick
a less restrictive policy the operator has access to.
diff --git a/pkg/cluster/k8sres.go b/pkg/cluster/k8sres.go
@@ -359,6 +359,8 @@ func generateContainer(
 	volumeMounts []v1.VolumeMount,
 	privilegedMode bool,
 ) *v1.Container {
+	falseBool := false
+
 	return &v1.Container{
 		Name:            name,
 		Image:           *dockerImage,
@@ -382,6 +384,7 @@ func generateContainer(
 		Env:          envVars,
 		SecurityContext: &v1.SecurityContext{
 			Privileged: &privilegedMode,
+			ReadOnlyRootFilesystem: &falseBool,
 		},
 	}
 }
