Merge pull request #3866 from MarcStorm/feat/readonlyfilesystem

Sheikh-Abubaker · web-flow · commit 2e1a58ac8c33 · 2025-11-14T14:38:25.000+05:30
[pdc-agent] feat: support for readOnlyRootFilesystem
diff --git a/charts/pdc-agent/Chart.yaml b/charts/pdc-agent/Chart.yaml
@@ -3,7 +3,7 @@ name: pdc-agent
 description: PDC agent is an agent for connecting to Grafana Private Data source Connect
 type: application
 appVersion: "0.0.45"
-version: 0.0.1
+version: 0.0.2
 home: https://grafana.com/docs/grafana-cloud/connect-externally-hosted/private-data-source-connect/
 sources:
   - https://github.com/grafana/pdc-agent
diff --git a/charts/pdc-agent/README.md b/charts/pdc-agent/README.md
@@ -1,6 +1,6 @@
 # pdc-agent
 
-![Version: 0.0.1](https://img.shields.io/badge/Version-0.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.45](https://img.shields.io/badge/AppVersion-0.0.45-informational?style=flat-square)
+![Version: 0.0.2](https://img.shields.io/badge/Version-0.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.45](https://img.shields.io/badge/AppVersion-0.0.45-informational?style=flat-square)
 
 PDC agent is an agent for connecting to Grafana Private Data source Connect
 
@@ -38,6 +38,7 @@ PDC agent is an agent for connecting to Grafana Private Data source Connect
 | securityContext.allowPrivilegeEscalation | bool | `false` |  |
 | securityContext.capabilities.drop[0] | string | `"ALL"` |  |
 | securityContext.privileged | bool | `false` |  |
+| securityContext.readOnlyRootFilesystem | bool | `false` | Enable running in a read-only root filesystem. |
 | securityContext.runAsNonRoot | bool | `true` |  |
 | tokenSecretName | string | `""` | secretName Expects a secret with key `token` which contains the Access Policy token you generated |
 | tolerations | list | `[]` | not required, but left in as a choice |
diff --git a/charts/pdc-agent/templates/deployment.yaml b/charts/pdc-agent/templates/deployment.yaml
@@ -75,6 +75,17 @@ spec:
             {{- range .Values.extraArgs }}
             - {{ . }}
             {{- end }}
+          {{- if .Values.securityContext.readOnlyRootFilesystem }}
+          volumeMounts:
+            - mountPath: /home/pdc/
+              name: ssh-cache
+          {{- end }}
+      {{- if .Values.securityContext.readOnlyRootFilesystem }}
+      volumes:
+        - name: ssh-cache
+          emptyDir:
+            sizeLimit: 50Mi
+      {{- end }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}
diff --git a/charts/pdc-agent/values.yaml b/charts/pdc-agent/values.yaml
@@ -35,6 +35,8 @@ securityContext:
   runAsNonRoot: true
   privileged: false
   allowPrivilegeEscalation: false
+  # -- Enable running in a read-only root filesystem.
+  readOnlyRootFilesystem: false
 
 resources:
   requests:
