From f50ffd4b5eae33242e4f59d8071c37b68192aef9 Mon Sep 17 00:00:00 2001
From: eliranb
Date: Tue, 15 Apr 2025 17:25:00 +0300
Subject: [PATCH] Add read-only root filesystem to init container configuration for enhanced security.
---
 internal/controller/patch_funcs.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/internal/controller/patch_funcs.go b/internal/controller/patch_funcs.go
index ccf8684..e404782 100644
--- a/internal/controller/patch_funcs.go
+++ b/internal/controller/patch_funcs.go
@@ -141,6 +141,7 @@ func (r *LightrunJavaAgentReconciler) addInitContainer(deploymentApplyConfig *ap
 ).
 WithAllowPrivilegeEscalation(false).
 WithRunAsNonRoot(true).
+ WithReadOnlyRootFilesystem(true).
 WithSeccompProfile(
 corev1ac.SeccompProfile().
 WithType(corev1.SeccompProfileTypeRuntimeDefault),
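Review bot: `WithReadOnlyRootFilesystem(true)` is set unconditionally in addInitContainer, and nothing visible in this hunk shows that every path the init container writes to is backed by a volume mount. With a read-only root, any write outside a mount (for example to a scratch directory such as `/tmp`) fails at runtime, so it is worth confirming that the container's command writes only to its mounted volumes, or adding an `emptyDir` mount for scratch space. The diffstat lists only patch_funcs.go, so a test asserting that the generated init container's security context has `ReadOnlyRootFilesystem` set to true would keep this hardening from regressing silently. A short comment above the line, such as `// Root FS is read-only: the init container may write only to its mounted volumes.`, would record the constraint for whoever changes the container's command or image later. The function body starts and ends outside the hunk, so the existing mounts may already cover this.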