-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
None
-
None
-
None
In order for set readOnlyRootFilesystem=true, according to
https://github.com/arkmq-org/activemq-artemis-operator/discussions/1014
spec.deploymentPlan.containerSecurityContext + extraVolumeMounts
However, the extraVolumeMounts are not applied to initContainers.
This leads to two problems:
1. initcontainer can't be configured to readOnlyRootFilesystem=true
2. a semi workaround is to set the broker container readOnlyRootFilesystem=true by using
spec:
resourceTemplates:
- selector:
kind: "StatefulSet"
patch:
kind: "StatefulSet"
spec:
template:
spec:
containers:
- name: "broker-container"
securityContext:
readOnlyRootFilesystem: true