From e84939c5747449a30b5acd056d46db9b1970a527 Mon Sep 17 00:00:00 2001
From: Aaron Sheffield
Date: Mon, 20 Aug 2018 11:25:47 -0500
Subject: [PATCH] Add readOnlyRootFilesystem to HAProxy and CoreDNS.

- Added security context readOnlyRootFilesystem as true.

Change-Id: I84ea5a17f84bebac795e7ed72a7dff530ef081bb
---
 charts/haproxy/templates/daemonset.yaml | 2 ++
 charts/haproxy/templates/etc/_haproxy.yaml.tpl | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/charts/haproxy/templates/daemonset.yaml b/charts/haproxy/templates/daemonset.yaml
index aac66955..32f55723 100644
--- a/charts/haproxy/templates/daemonset.yaml
+++ b/charts/haproxy/templates/daemonset.yaml
@@ -67,6 +67,8 @@ spec:
 mountPath: /tmp/etc
 - name: host
 mountPath: /host
+ securityContext:
+ readOnlyRootFilesystem: true
 volumes:
 - name: haproxy-bin
 configMap:
diff --git a/charts/haproxy/templates/etc/_haproxy.yaml.tpl b/charts/haproxy/templates/etc/_haproxy.yaml.tpl
index 25315207..9839a72b 100644
--- a/charts/haproxy/templates/etc/_haproxy.yaml.tpl
+++ b/charts/haproxy/templates/etc/_haproxy.yaml.tpl
@@ -91,3 +91,5 @@ spec:
 - name: etc
 hostPath:
 path: {{ .Values.conf.haproxy.host_config_dir }}
+ securityContext:
+ readOnlyRootFilesystem: true
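Review bot: `readOnlyRootFilesystem: true` in the daemonset.yaml hunk protects only the container's own image layer; the `/host` and `/tmp/etc` mounts listed directly above the new `securityContext` stay writable unless their `volumeMounts` entries also set `readOnly: true`. If the container only reads from `/host` (presumably a hostPath volume, which is defined outside this hunk), add `readOnly: true` to that mount; otherwise a comment such as `# root fs is read-only; the only writable paths are the mounts below` would document the remaining write surface. Indentation is flattened in this view, so also confirm the block is a sibling of the container's `volumeMounts`, because the field is not defined on the pod-level security context. The container spec starts outside the hunk, and the subject names CoreDNS while the diffstat lists only HAProxy chart files.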
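Review bot: The `securityContext` added at the end of `_haproxy.yaml.tpl` comes after the `volumes` entries, which suggests a pod-level block, and `readOnlyRootFilesystem` is a container-level field that the pod-level security context does not define. Indentation is flattened in this view, so the placement is inferred from position only; if it is at pod level, the setting will not take effect on the HAProxy container. Move it into the container entry, where daemonset.yaml appears to place it: `securityContext:` with `readOnlyRootFilesystem: true` as a sibling of that container's `volumeMounts`. The manifest begins outside the hunk, so the container definition is not visible here.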