From 0dd4391344c992cfc759907053ae7643267ab0c4 Mon Sep 17 00:00:00 2001
From: savitaashture <sashture@redhat.com>
Date: Wed, 28 Aug 2024 22:30:28 +0530
Subject: [PATCH] Set readOnlyRootFilesystem as true in Interceptor

---
 config/interceptors/core-interceptors-deployment.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/config/interceptors/core-interceptors-deployment.yaml b/config/interceptors/core-interceptors-deployment.yaml
index 82d853f93..dc524d9c9 100644
--- a/config/interceptors/core-interceptors-deployment.yaml
+++ b/config/interceptors/core-interceptors-deployment.yaml
@@ -82,6 +82,7 @@ spec:
           timeoutSeconds: 5
         securityContext:
           allowPrivilegeEscalation: false
+          readOnlyRootFilesystem: true
           # User 65532 is the distroless nonroot user ID
           runAsUser: 65532
           runAsGroup: 65532