From 4f5b96413fd24ff6bb5137d8224199f3d89acc62 Mon Sep 17 00:00:00 2001
From: Nitin Goyal <nigoyal@redhat.com>
Date: Fri, 5 Apr 2024 12:33:34 +0530
Subject: [PATCH] bundle: add readOnlyRootFilesystem for odf-operator

Signed-off-by: Nitin Goyal <nigoyal@redhat.com>
---
 bundle/manifests/odf-operator.clusterserviceversion.yaml | 4 +++-
 config/default/manager_auth_proxy_patch.yaml             | 1 +
 config/manager/manager.yaml                              | 1 +
 3 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/bundle/manifests/odf-operator.clusterserviceversion.yaml b/bundle/manifests/odf-operator.clusterserviceversion.yaml
index de1145478..39602479f 100644
--- a/bundle/manifests/odf-operator.clusterserviceversion.yaml
+++ b/bundle/manifests/odf-operator.clusterserviceversion.yaml
@@ -35,7 +35,7 @@ metadata:
     categories: Storage
     console.openshift.io/plugins: '["odf-console"]'
     containerImage: quay.io/ocs-dev/odf-operator:latest
-    createdAt: "2024-03-22T02:45:54Z"
+    createdAt: "2024-04-05T07:02:02Z"
     description: OpenShift Data Foundation provides a common control plane for storage
       solutions on OpenShift Container Platform.
     features.operators.openshift.io/token-auth-aws: "true"
@@ -419,6 +419,7 @@ spec:
                   capabilities:
                     drop:
                     - ALL
+                  readOnlyRootFilesystem: true
               - args:
                 - --health-probe-bind-address=:8081
                 - --metrics-bind-address=127.0.0.1:8080
@@ -460,6 +461,7 @@ spec:
                   capabilities:
                     drop:
                     - ALL
+                  readOnlyRootFilesystem: true
               securityContext:
                 runAsNonRoot: true
               serviceAccountName: odf-operator-controller-manager
diff --git a/config/default/manager_auth_proxy_patch.yaml b/config/default/manager_auth_proxy_patch.yaml
index 14fee3c28..16fe0d9ce 100644
--- a/config/default/manager_auth_proxy_patch.yaml
+++ b/config/default/manager_auth_proxy_patch.yaml
@@ -24,6 +24,7 @@ spec:
           capabilities:
             drop:
               - ALL
+          readOnlyRootFilesystem: true
       - name: manager
         args:
         - "--health-probe-bind-address=:8081"
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
index ad4b38b19..d4d689ace 100644
--- a/config/manager/manager.yaml
+++ b/config/manager/manager.yaml
@@ -49,6 +49,7 @@ spec:
           capabilities:
             drop:
               - ALL
+          readOnlyRootFilesystem: true
         livenessProbe:
           httpGet:
             path: /healthz