doc updates

giantswarm · Dec 18, 2024 · 540fbad · 540fbad
1 parent ff0371d
commit 540fbad
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 4 deletions.
diff --git a/diffs/helm__envoy-gateway__values.schema.json.patch b/diffs/helm__envoy-gateway__values.schema.json.patch
@@ -1,9 +1,9 @@
 diff --git a/helm/envoy-gateway/values.schema.json b/helm/envoy-gateway/values.schema.json
 new file mode 100644
-index 0000000..7cd4c63
+index 0000000..919b5cd
 --- /dev/null
 +++ b/helm/envoy-gateway/values.schema.json
-@@ -0,0 +1,359 @@
+@@ -0,0 +1,362 @@
 +{
 +    "$schema": "http://json-schema.org/schema#",
 +    "type": "object",
@@ -228,6 +228,9 @@ index 0000000..7cd4c63
 +                                "runAsUser": {
 +                                    "type": "integer"
 +                                },
++                                "readOnlyRootFilesystem": {
++                                    "type": "integer"
++                                },
 +                                "seccompProfile": {
 +                                    "type": "object",
 +                                    "properties": {

diff --git a/diffs/helm__envoy-gateway__values.yaml.patch b/diffs/helm__envoy-gateway__values.yaml.patch
@@ -1,5 +1,5 @@
 diff --git a/vendor/gateway-helm/values.yaml b/helm/envoy-gateway/values.yaml
-index 56cf308..039ed6f 100644
+index 56cf308..810dabd 100644
 --- a/vendor/gateway-helm/values.yaml
 +++ b/helm/envoy-gateway/values.yaml
 @@ -22,11 +22,14 @@ podDisruptionBudget:
@@ -19,7 +19,15 @@ index 56cf308..039ed6f 100644
      imagePullPolicy: ""
      imagePullSecrets: []
      resources:
-@@ -88,11 +91,15 @@ createNamespace: false
+@@ -44,6 +47,7 @@ deployment:
+       runAsNonRoot: true
+       runAsGroup: 65532
+       runAsUser: 65532
++      readOnlyRootFilesystem: true
+       seccompProfile:
+         type: RuntimeDefault
+   ports:
+@@ -88,11 +92,15 @@ createNamespace: false
 
  kubernetesClusterDomain: cluster.local
 

diff --git a/helm/envoy-gateway/README.md b/helm/envoy-gateway/README.md
@@ -82,6 +82,7 @@ To uninstall the chart:
 | deployment.envoyGateway.securityContext.allowPrivilegeEscalation | bool | `false` |  |
 | deployment.envoyGateway.securityContext.capabilities.drop[0] | string | `"ALL"` |  |
 | deployment.envoyGateway.securityContext.privileged | bool | `false` |  |
+| deployment.envoyGateway.securityContext.readOnlyRootFilesystem | bool | `true` |  |
 | deployment.envoyGateway.securityContext.runAsGroup | int | `65532` |  |
 | deployment.envoyGateway.securityContext.runAsNonRoot | bool | `true` |  |
 | deployment.envoyGateway.securityContext.runAsUser | int | `65532` |  |