From afb3a542ccab27038999faa427676315beafafca Mon Sep 17 00:00:00 2001
From: Stan M <github@welcome01.org>
Date: Tue, 9 Apr 2024 17:32:42 +0200
Subject: [PATCH] feat: Ensure container can run with readOnlyRootFilesystem

---
 charts/planka/templates/deployment.yaml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/charts/planka/templates/deployment.yaml b/charts/planka/templates/deployment.yaml
index 2d0d35b..2ffe596 100644
--- a/charts/planka/templates/deployment.yaml
+++ b/charts/planka/templates/deployment.yaml
@@ -55,6 +55,11 @@ spec:
             - mountPath: /app/private/attachments
               subPath: attachments
               name: planka
+          {{- if .Values.securityContext.readOnlyRootFilesystem }}
+            - mountPath: /app/logs
+              subPath: app-logs
+              name: emptydir
+          {{- end }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
           env:
@@ -139,3 +144,7 @@ spec:
     {{- else }}
           emptyDir: {}
     {{- end }}
+    {{- if .Values.securityContext.readOnlyRootFilesystem }}
+        - name: emptydir
+          emptyDir: {}
+     {{- end }}