From f82c40772eb67811e363a72c87a18631b6272e63 Mon Sep 17 00:00:00 2001
From: Filip Strozik
Date: Tue, 30 Apr 2024 19:36:25 +0200
Subject: [PATCH] make registry-init privileged v3
---
 config/serverless/charts/docker-registry/values.yaml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/config/serverless/charts/docker-registry/values.yaml b/config/serverless/charts/docker-registry/values.yaml
index 61d61f71d..e274820c9 100644
--- a/config/serverless/charts/docker-registry/values.yaml
+++ b/config/serverless/charts/docker-registry/values.yaml
@@ -131,13 +131,14 @@ initContainers:
 # this is required to allow the initContainer to chmod the volumemount for the registry storage volume. This is incompatible with the security requirements above and should be fixed in the future.
 runAsUser: 0
 runAsGroup: 0
- privileged: true # TODO: remove this field after resolving TODO in the init container
+ privileged: false
 allowPrivilegeEscalation: false
 capabilities:
 drop: ["ALL"]
 add: ["CHOWN"]
 procMount: default # Optional. The default is false if the entry is not there.
- readOnlyRootFilesystem: true # Mandatory
+ # TODO: remove this field after resolving TODO in the init container
+ readOnlyRootFilesystem: false # Mandatory (true)
 pod:
 # the following guidelines should be followed for this https://github.com/kyma-project/community/tree/main/concepts/psp-replacement
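Review bot: The new `readOnlyRootFilesystem: false` leaves an init container that runs as root (`runAsUser: 0`) with a writable root filesystem, and the comment moved above it, `# TODO: remove this field after resolving TODO in the init container`, asks for the field to be removed although the trailing comment marks it as mandatory. I would reword it to name what has to be restored, e.g. `# TODO: set back to true once the init container no longer needs a writable root filesystem`, and drop the `(true)` hint from the trailing comment. The init container's command is not visible in this hunk, so the reason for the writable filesystem is an assumption to confirm; if it only writes to a known scratch path, mounting an `emptyDir` there would let the value stay `true`. The subject line says "make registry-init privileged" while the hunk sets `privileged: false`, so the commit message is worth aligning with the change.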