From aa92611ebedda4220d2c850db6c00705aa71b249 Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka <slaznick@redhat.com>
Date: Mon, 29 Mar 2021 13:06:01 +0200
Subject: [PATCH] explicitly allow apiserver pods to write to their root FS

---
 bindata/v3.11.0/openshift-apiserver/deploy.yaml | 1 +
 pkg/operator/v311_00_assets/bindata.go          | 1 +
 2 files changed, 2 insertions(+)

diff --git a/bindata/v3.11.0/openshift-apiserver/deploy.yaml b/bindata/v3.11.0/openshift-apiserver/deploy.yaml
index 050d64faf..8e383ba48 100644
--- a/bindata/v3.11.0/openshift-apiserver/deploy.yaml
+++ b/bindata/v3.11.0/openshift-apiserver/deploy.yaml
@@ -76,6 +76,7 @@ spec:
         # we need to set this to privileged to be able to write audit to /var/log/openshift-apiserver
         securityContext:
           privileged: true
+          readOnlyRootFilesystem: false
         ports:
         - containerPort: 8443
         volumeMounts:
diff --git a/pkg/operator/v311_00_assets/bindata.go b/pkg/operator/v311_00_assets/bindata.go
index de1aa3f02..13e62ab5b 100644
--- a/pkg/operator/v311_00_assets/bindata.go
+++ b/pkg/operator/v311_00_assets/bindata.go
@@ -227,6 +227,7 @@ spec:
         # we need to set this to privileged to be able to write audit to /var/log/openshift-apiserver
         securityContext:
           privileged: true
+          readOnlyRootFilesystem: false
         ports:
         - containerPort: 8443
         volumeMounts: