From d70292e891fe563d2a25b3c84a972261f25bbf62 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Mon, 16 Aug 2021 15:55:21 +0200
Subject: [PATCH] feat(postgres): Enable security enhancements

This patch enables read-only filesystems and no-new-privileges for all
postgres databases managed by the zalando postgres operator.
---
 infrastructure/postgres/release.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/infrastructure/postgres/release.yaml b/infrastructure/postgres/release.yaml
index e9f02292d..64dc5f961 100644
--- a/infrastructure/postgres/release.yaml
+++ b/infrastructure/postgres/release.yaml
@@ -22,3 +22,5 @@ spec:
     # Required due to OpenShift magic
     securityContext:
       runAsUser: null
+      readOnlyRootFilesystem: true
+      allowPrivilegeEscalation: false
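Review bot: The two added keys sit in the same `securityContext` map as `runAsUser: null`, whose parent starts above the hunk, so which container they harden cannot be confirmed from here. If this is the chart-level `securityContext` of the postgres-operator Helm chart, it presumably applies to the operator's own container rather than to the database pods the commit message names. Those pods are, as far as I know, governed by operator configuration such as `spilo_allow_privilege_escalation`. Please confirm against the rendered pod spec of a managed database pod that `readOnlyRootFilesystem` and `allowPrivilegeEscalation` actually land there, and adjust the commit message or the values if they do not. The comment `# Required due to OpenShift magic` now reads as covering all three keys; moving it to the `runAsUser: null` line and adding `# hardening: read-only root FS, no privilege escalation` above the new keys would keep the intent clear.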
-- 
GitLab