From 86093f86bdbad2425d57390ecdee201f8aa65b6b Mon Sep 17 00:00:00 2001
From: Ryan Phillips <rphillips@redhat.com>
Date: Tue, 22 Apr 2025 16:27:03 -0500
Subject: [PATCH] kubelet: readonly mounts for criometricsproxy

---
 .../master/01-master-kubelet/_base/files/criometricsproxy.yaml  | 2 ++
 .../worker/01-worker-kubelet/_base/files/criometricsproxy.yaml  | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/templates/master/01-master-kubelet/_base/files/criometricsproxy.yaml b/templates/master/01-master-kubelet/_base/files/criometricsproxy.yaml
index 17ed1ffc8d..bcdf704c09 100644
--- a/templates/master/01-master-kubelet/_base/files/criometricsproxy.yaml
+++ b/templates/master/01-master-kubelet/_base/files/criometricsproxy.yaml
@@ -75,6 +75,8 @@ contents:
         - name: etc-kube
           mountPath: "/etc/kubernetes"
           mountPropagation: HostToContainer
+          readOnly: true
         - name: var-lib-kubelet
           mountPath: "/var/lib/kubelet"
           mountPropagation: HostToContainer
+          readOnly: true
diff --git a/templates/worker/01-worker-kubelet/_base/files/criometricsproxy.yaml b/templates/worker/01-worker-kubelet/_base/files/criometricsproxy.yaml
index 17ed1ffc8d..bcdf704c09 100644
--- a/templates/worker/01-worker-kubelet/_base/files/criometricsproxy.yaml
+++ b/templates/worker/01-worker-kubelet/_base/files/criometricsproxy.yaml
@@ -75,6 +75,8 @@ contents:
         - name: etc-kube
           mountPath: "/etc/kubernetes"
           mountPropagation: HostToContainer
+          readOnly: true
         - name: var-lib-kubelet
           mountPath: "/var/lib/kubelet"
           mountPropagation: HostToContainer
+          readOnly: true