From 28e049395585196707bf7b04feabace06d745589 Mon Sep 17 00:00:00 2001
From: Rahul Khiyani <rk0850@att.com>
Date: Thu, 28 Feb 2019 19:48:18 -0500
Subject: [PATCH] readOnlyRootFilesystem: true for Grafana chart

Fix for adding readOnlyRootFilesystem flag at pod
level

Change-Id: Icf0244ca0e5c5eb1b96b17e8b7a64819d1093f0d
---
 grafana/templates/deployment.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/grafana/templates/deployment.yaml b/grafana/templates/deployment.yaml
index f74f40f01..694dffef6 100644
--- a/grafana/templates/deployment.yaml
+++ b/grafana/templates/deployment.yaml
@@ -44,6 +44,8 @@ spec:
         configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
         configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
     spec:
+      securityContext:
+        readOnlyRootFilesystem: true
 {{ dict "envAll" $envAll "application" "grafana" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
       serviceAccountName: {{ $serviceAccountName }}
       nodeSelector: