add readonly for the ssh secrets

oxheadalpha · Oct 24, 2023 · 826cef4 · 826cef4
1 parent 0aeda6a
commit 826cef4
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/charts/tezos-signer-forwarder/templates/statefulset.yaml b/charts/tezos-signer-forwarder/templates/statefulset.yaml
@@ -38,6 +38,7 @@ spec:
         secret:
            secretName: tezos-signer-forwarder-secret-{{ $.Values.name }}
            defaultMode: 0400
+           readOnly: true
       containers:
       - name: tezos-signer-forwarder
         image: {{ $.Values.tezos_k8s_images.tezos_signer_forwarder }}
@@ -52,9 +53,11 @@ spec:
         - name: config-volume
           mountPath: /home/signer/.ssh/authorized_keys
           subPath: authorized_keys
+          readOnly: true
         - name: secret-volume
           mountPath: /etc/ssh/ssh_host_ecdsa_key
           subPath: ssh_host_ecdsa_key
+          readOnly: true
         env:
         - name: TUNNEL_ENDPOINT_PORT
           valueFrom: