From 9b265d744e510afadd8ae83da930e37e8e3fc328 Mon Sep 17 00:00:00 2001 From: RAHUL KHIYANI Date: Wed, 8 May 2019 13:25:23 -0500 Subject: [PATCH] Elasticsearch: Add read-only-fs This PS adds the default read-only-rootfs to true for elasticsearch chart Change-Id: Iff06ee40e299d7dd4f4724a39ad5eb67eeae19dd --- elasticsearch/values.yaml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/elasticsearch/values.yaml b/elasticsearch/values.yaml index 3f3861ccb..db6caabf7 100644 --- a/elasticsearch/values.yaml +++ b/elasticsearch/values.yaml @@ -130,7 +130,7 @@ pod: container: memory_map_increase: privileged: true - readOnlyRootFilesystem: false + readOnlyRootFilesystem: true apache_proxy: readOnlyRootFilesystem: false elasticsearch_client: @@ -139,53 +139,53 @@ pod: add: - IPC_LOCK - SYS_RESOURCE - readOnlyRootFilesystem: false + readOnlyRootFilesystem: true master: pod: runAsUser: 0 container: memory_map_increase: privileged: true - readOnlyRootFilesystem: false + readOnlyRootFilesystem: true elasticsearch_master: privileged: true capabilities: add: - IPC_LOCK - SYS_RESOURCE - readOnlyRootFilesystem: false + readOnlyRootFilesystem: true es_cluster_wait: pod: runAsUser: 0 container: elasticsearch_cluster_wait: - readOnlyRootFilesystem: false + readOnlyRootFilesystem: true snapshot_repository: pod: runAsUser: 0 container: register_snapshot_repository: - readOnlyRootFilesystem: false + readOnlyRootFilesystem: true test: pod: runAsUser: 0 container: helm_test: - readOnlyRootFilesystem: false + readOnlyRootFilesystem: true data: pod: runAsUser: 0 container: memory_map_increase: privileged: true - readOnlyRootFilesystem: false + readOnlyRootFilesystem: true elasticsearch_data: privileged: true capabilities: add: - IPC_LOCK - SYS_RESOURCE - readOnlyRootFilesystem: false + readOnlyRootFilesystem: true affinity: anti: type: