From 889c0b1d674feb10123817a4270d0b4cfe39636e Mon Sep 17 00:00:00 2001
From: tkdchen
Date: Fri, 12 Jan 2024 10:59:06 +0800
Subject: [PATCH] Restore kube-linter rule (#89)

* Revert "Revert readOnlyRootFilesystem for image_pruner (#65)"
This reverts commit 2b2e5a559a38bcc897ae3a822037fd12ae0670d9.
* Revert "Disable no-read-only-root-fs kube-linter rule for image pruner job (#77)"
This reverts commit de983aa7e12c79725512b17f5428c76e1311458f.
---
 config/registry_image_pruner/cronjob.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/config/registry_image_pruner/cronjob.yaml b/config/registry_image_pruner/cronjob.yaml
index c1ec828..d7b2c5b 100644
--- a/config/registry_image_pruner/cronjob.yaml
+++ b/config/registry_image_pruner/cronjob.yaml
@@ -2,8 +2,6 @@ apiVersion: batch/v1
 kind: CronJob
 metadata:
 name: image-pruner-cronjob
- annotations:
- ignore-check.kube-linter.io/no-read-only-root-fs: 'image pruner writes to disk'
 spec:
 schedule: "0 0 * * *"
 concurrencyPolicy: Forbid
@@ -40,6 +38,8 @@ spec:
 requests:
 cpu: 150m
 memory: 128Mi
+ securityContext:
+ readOnlyRootFilesystem: true
 restartPolicy: OnFailure
 securityContext:
 runAsNonRoot: true
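Review bot: The container-level `readOnlyRootFilesystem: true` added in the second hunk is restored without any visible writable mount, although the annotation removed in the first hunk gave 'image pruner writes to disk' as the reason the check had been disabled. The container's volumeMounts and the pod's volumes lie outside the hunk, so this may already be handled, but if the pruner still writes scratch data the job will fail at runtime with read-only filesystem errors; an `emptyDir` volume mounted at each path it writes to (a temp directory, a credentials or cache path) keeps the root filesystem read-only without breaking the job. While this block is being touched, `allowPrivilegeEscalation: false` and a `capabilities` drop of `ALL` would fit in the same container `securityContext`, since only `runAsNonRoot: true` is visible at pod level.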