From cfef77560a039021f16621e91ef74cb3ca1c6c08 Mon Sep 17 00:00:00 2001
From: Scott Trent <trent@jp.ibm.com>
Date: Thu, 12 Sep 2024 14:20:46 +0900
Subject: [PATCH] readOnlyRootFilesystem: true

Signed-off-by: Scott Trent <trent@jp.ibm.com>
---
 config/manager/manager.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
index 67a3a6f..42ccee8 100644
--- a/config/manager/manager.yaml
+++ b/config/manager/manager.yaml
@@ -169,6 +169,7 @@ spec:
           runAsUser: 12001
           runAsGroup: 12001
           allowPrivilegeEscalation: false
+          readOnlyRootFilesystem: true
           capabilities:
             drop:
               - "ALL"