Add read-only root filesystem support to init containers in deployment and stateful set configurations

eliranb · eliranb · commit 7ffb40ca22bf · 2025-05-25T14:44:10.000+03:00
diff --git a/internal/controller/patch_funcs.go b/internal/controller/patch_funcs.go
@@ -141,6 +141,7 @@ func (r *LightrunJavaAgentReconciler) addInitContainer(deploymentApplyConfig *ap
 					).
 					WithAllowPrivilegeEscalation(false).
 					WithRunAsNonRoot(true).
+					WithReadOnlyRootFilesystem(true).
 					WithSeccompProfile(
 						corev1ac.SeccompProfile().
 							WithType(corev1.SeccompProfileTypeRuntimeDefault),
@@ -316,6 +317,7 @@ func (r *LightrunJavaAgentReconciler) addInitContainerToStatefulSet(statefulSetA
 					).
 					WithAllowPrivilegeEscalation(false).
 					WithRunAsNonRoot(true).
+					WithReadOnlyRootFilesystem(true).
 					WithSeccompProfile(
 						corev1ac.SeccompProfile().
 							WithType(corev1.SeccompProfileTypeRuntimeDefault),
