From 0c502d20628b35951b8acc78e581dbbb312606d2 Mon Sep 17 00:00:00 2001
From: pd2839 <pd2839@att.com>
Date: Tue, 26 Feb 2019 15:08:36 -0600
Subject: [PATCH] readOnlyFilesystem: true for keystone chart

Fix for adding readOnlyFilesystem flag at pod level

Change-Id: I37fb7f580ae0a408530d58b195c353e41d701eac
---
 keystone/templates/deployment-api.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/keystone/templates/deployment-api.yaml b/keystone/templates/deployment-api.yaml
index 5973a514ea..2d45810ef1 100644
--- a/keystone/templates/deployment-api.yaml
+++ b/keystone/templates/deployment-api.yaml
@@ -46,6 +46,8 @@ spec:
         configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
         configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
     spec:
+      securityContext:
+        readOnlyRootFilesystem: true
 {{ dict "envAll" $envAll "application" "keystone" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
       serviceAccountName: {{ $serviceAccountName }}
       affinity: