From 8020251ea1c778ea9cafd7074e0ae2e80b145e29 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch" <dustin@hatch.name>
Date: Mon, 1 Aug 2022 09:39:31 -0500
Subject: [PATCH] make rootfs readonly

---
 ci/podTemplate.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ci/podTemplate.yaml b/ci/podTemplate.yaml
index 258073c..823e05d 100644
--- a/ci/podTemplate.yaml
+++ b/ci/podTemplate.yaml
@@ -15,3 +15,5 @@ spec:
     resources:
       limits:
         cpu: 500m
+    securityContext:
+      readOnlyRootFilesystem: true