mount root fs r/o

bitnami/memcached/templates/deployment.yaml

@@ -68,6 +68,10 @@ spec:
           {{- if .Values.resources }}
           resources: {{- toYaml .Values.resources | nindent 12 }}
           {{- end }}
+          {{- if .Values.securityContext.enabled }}
+          securityContext:
+            readOnlyRootFilesystem: {{ .Values.securityContext.readOnlyRootFilesystem }}
+          {{- end }}
         {{- if .Values.metrics.enabled }}
         - name: metrics
           image: {{ template "memcached.metrics.image" . }}

bitnami/memcached/templates/statefulset.yaml

@@ -72,6 +72,10 @@ spec:
           {{- if .Values.resources }}
           resources: {{- toYaml .Values.resources | nindent 12 }}
           {{- end }}
+          {{- if .Values.securityContext.enabled }}
+          securityContext:
+            readOnlyRootFilesystem: {{ .Values.securityContext.readOnlyRootFilesystem }}
+          {{- end }}
           {{- if .Values.persistence.enabled }}
           volumeMounts:
             - name: pv-data

bitnami/memcached/values-production.yaml

@@ -98,6 +98,7 @@ securityContext:
   enabled: true
   fsGroup: 1001
   runAsUser: 1001
+  readOnlyRootFilesystem: true
 
 ## Pod annotations
 ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/

bitnami/memcached/values.yaml

@@ -98,6 +98,7 @@ securityContext:
   enabled: true
   fsGroup: 1001
   runAsUser: 1001
+  readOnlyRootFilesystem: true
 
 ## Pod annotations
 ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/