Closed NissesSenap closed 1 year ago
In https://github.com/open-policy-agent/gatekeeper-library/blob/master/src/pod-security-policy/read-only-root-filesystem/constraint.tmpl ephemeralContainer is included by default.
Currently we want to enable ephemeralContainers to write to the root disk, since you can neither mount a volume nor reach the already existing containers' disk.
This is not ideal but better than any other solution that we currently have.
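A sketch of the behaviour requested above, added here as an illustration; it is not the gatekeeper-library template and not code from the issue author. It assumes Rego v0 syntax as used in Gatekeeper constraint templates, and the package name, the rule names and the `exemptEphemeralContainers` parameter are hypothetical.

```rego
package k8sreadonlyrootfs_example

# A container violates the policy unless readOnlyRootFilesystem is true.
violation[{"msg": msg, "details": {}}] {
    c := checked_containers[_]
    not read_only_root_fs(c)
    msg := sprintf("only read-only root filesystem container is allowed: %v", [c.name])
}

# Undefined (so the check fails) when securityContext or the field is missing.
read_only_root_fs(c) {
    c.securityContext.readOnlyRootFilesystem == true
}

# Regular and init containers are always checked.
checked_containers[c] {
    c := input.review.object.spec.containers[_]
}

checked_containers[c] {
    c := input.review.object.spec.initContainers[_]
}

# Ephemeral containers stay in scope by default and are skipped only
# when the hypothetical parameter is explicitly set to true.
checked_containers[c] {
    not skip_ephemeral
    c := input.review.object.spec.ephemeralContainers[_]
}

skip_ephemeral {
    input.parameters.exemptEphemeralContainers == true
}
```

Because `skip_ephemeral` is undefined when the parameter is absent, existing constraints keep checking ephemeral containers, and the exemption is an explicit, auditable opt-in per constraint.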