From 598040bea05737ea1ee2460ba8675ed7c061e63a Mon Sep 17 00:00:00 2001
From: Rahul Khiyani <rk0850@att.com>
Date: Tue, 26 Feb 2019 06:53:31 -0500
Subject: [PATCH] readOnlyRootFilesystem: true for openvswitch chart

Fix for adding readOnlyRootFilesystem flag at pod
level

Change-Id: If0943518bdec0d950c50c90aa89929d1a42aa0a0
---
 openvswitch/templates/daemonset-ovs-db.yaml       | 2 ++
 openvswitch/templates/daemonset-ovs-vswitchd.yaml | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/openvswitch/templates/daemonset-ovs-db.yaml b/openvswitch/templates/daemonset-ovs-db.yaml
index 653b5b93b..06cdf437f 100644
--- a/openvswitch/templates/daemonset-ovs-db.yaml
+++ b/openvswitch/templates/daemonset-ovs-db.yaml
@@ -40,6 +40,8 @@ spec:
       annotations:
         configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
     spec:
+      securityContext:
+        readOnlyRootFilesystem: true
       shareProcessNamespace: true
       serviceAccountName: {{ $serviceAccountName }}
       nodeSelector:
diff --git a/openvswitch/templates/daemonset-ovs-vswitchd.yaml b/openvswitch/templates/daemonset-ovs-vswitchd.yaml
index ae2655def..a2fc25d19 100644
--- a/openvswitch/templates/daemonset-ovs-vswitchd.yaml
+++ b/openvswitch/templates/daemonset-ovs-vswitchd.yaml
@@ -40,6 +40,8 @@ spec:
       annotations:
         configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
     spec:
+      securityContext:
+        readOnlyRootFilesystem: true
       shareProcessNamespace: true
       serviceAccountName: {{ $serviceAccountName }}
       nodeSelector: