From 7c1774194a4e5c760a93361abc7937fb4ceef0af Mon Sep 17 00:00:00 2001
From: Damian Badura <45110612+dbadura@users.noreply.github.com>
Date: Fri, 20 Oct 2023 16:22:58 +0200
Subject: [PATCH] Fix read only dir (#129)
* fix read only dir
* add another tmp dir
* use different dif
* add operator tmp dir
---
 charts/warden/charts/admission/templates/deployment.yaml | 8 ++++++++
 charts/warden/charts/operator/templates/deployment.yaml | 4 ++++
 charts/warden/values.yaml | 1 +
 3 files changed, 13 insertions(+)
diff --git a/charts/warden/charts/admission/templates/deployment.yaml b/charts/warden/charts/admission/templates/deployment.yaml
index 06a84ed9..ce4d8e0c 100644
--- a/charts/warden/charts/admission/templates/deployment.yaml
+++ b/charts/warden/charts/admission/templates/deployment.yaml
@@ -48,9 +48,17 @@ spec:
 volumeMounts:
 - name: config
 mountPath: {{ .Values.global.config.dir }}
+ - name: tmp-cert
+ mountPath: /tmp/k8s-webhook-server/
+ - name: notary-tmp
+ mountPath: /tmp/.notary
 volumes:
 - name: config
 configMap:
 name: {{ .Values.global.config.configmapName }}
+ - name: tmp-cert
+ emptyDir: {}
+ - name: notary-tmp
+ emptyDir: {}
 priorityClassName: {{ .Values.global.wardenPriorityClassName }}
diff --git a/charts/warden/charts/operator/templates/deployment.yaml b/charts/warden/charts/operator/templates/deployment.yaml
index c7b9b9a8..eb94fcb9 100644
--- a/charts/warden/charts/operator/templates/deployment.yaml
+++ b/charts/warden/charts/operator/templates/deployment.yaml
@@ -47,8 +47,12 @@ spec:
 volumeMounts:
 - name: config
 mountPath: {{ .Values.global.config.dir }}
+ - name: notary-tmp
+ mountPath: /tmp/.notary
 volumes:
 - name: config
 configMap:
 name: {{ .Values.global.config.configmapName }}
+ - name: notary-tmp
+ emptyDir: { }
 priorityClassName: {{ .Values.global.wardenPriorityClassName }}
diff --git a/charts/warden/values.yaml b/charts/warden/values.yaml
index c9859141..a252e248 100644
--- a/charts/warden/values.yaml
+++ b/charts/warden/values.yaml
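Review bot: In charts/warden/charts/admission/templates/deployment.yaml the new `tmp-cert` and `notary-tmp` volumes are declared as bare `emptyDir: {}`, so they are disk-backed and have no size bound; the operator deployment's `notary-tmp` has the same shape. With `readOnlyRootFilesystem: true` set in values.yaml these mounts become the writable surface of the container, and an unbounded emptyDir lets a misbehaving or compromised process consume node ephemeral storage through them. A limit such as `emptyDir: {sizeLimit: 16Mi}` (value constructed for illustration; size it to the real need) bounds that. `/tmp/k8s-webhook-server/` looks like the controller-runtime default certificate directory, so `tmp-cert` presumably holds the webhook's TLS private key; if that is confirmed, adding `medium: Memory` keeps the key off node disk, at the cost of counting against the container's memory limit.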
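Review bot: In charts/warden/charts/operator/templates/deployment.yaml the new volume is written `emptyDir: { }` while the admission template in the same commit uses `emptyDir: {}`; pick one form, `emptyDir: {}`, so the two templates stay diffable against each other. The mount path `/tmp/.notary` is also hard-coded in both templates, whereas the neighbouring config mount takes its path from `.Values.global.config.dir`. If the notary cache location is configurable in the application, the chart should source it from a single value so the mount and the application cannot drift apart. A short comment above the mount, e.g. `# writable scratch dir required because the root filesystem is read-only`, would record why the volume exists.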
@@ -65,6 +65,7 @@ global:
 capabilities:
 drop:
 - ALL
+ readOnlyRootFilesystem: true
 #TODO: group k8s related settings under kubernetes?