From 03d12885e370e62b4747d1e97794f76a9afe6326 Mon Sep 17 00:00:00 2001
From: sysdig <info@sysdig.com>
Date: Tue, 18 Oct 2022 13:03:48 +0000
Subject: [PATCH] * Sysdig - remediate demo:observer
 "SecurityContext.ReadOnlyRootFileSystem" for control "Container with writable
 root file system"

---
 02-observer.yaml | 34 +++++++++++++++++-----------------
 1 file changed, 17 insertions(+), 17 deletions(-)

diff --git a/02-observer.yaml b/02-observer.yaml
index 240c301..db0bb63 100644
--- a/02-observer.yaml
+++ b/02-observer.yaml
@@ -3,31 +3,31 @@ apiVersion: apps/v1
 metadata:
   name: observer
   labels:
-    name: observer-deployment 
-  
+    name: observer-deployment
 spec:
   replicas: 1
   selector:
     matchLabels:
-     name: observer
-     role: observerapp
+      name: observer
+      role: observerapp
   template:
     spec:
       containers:
-        - name: observer
-          image: bencer/recurling:0.1
-          env:
-            - name: URL
-              value: "result.demo.svc.cluster.local"
-            - name: SLEEP
-              value: "5"
-          resources:
-            limits:
-              memory: 64Mi
-            requests:
-              memory: 32Mi
+      - name: observer
+        image: bencer/recurling:0.1
+        env:
+        - name: URL
+          value: "result.demo.svc.cluster.local"
+        - name: SLEEP
+          value: "5"
+        resources:
+          limits:
+            memory: 64Mi
+          requests:
+            memory: 32Mi
+        securityContext:
+          readOnlyRootFilesystem: true
     metadata:
       labels:
         name: observer
         role: observerapp
-        
\ No newline at end of file