Allow setting readOnlyRootFilesystem in securityContext (#19437)

helm/minio/templates/statefulset.yaml

@@ -191,6 +191,10 @@ spec:
               value: {{ tpl $val $ | quote }}
             {{- end }}
           resources: {{- toYaml .Values.resources | nindent 12 }}
+          {{- if and .Values.securityContext.enabled .Values.persistence.enabled }}
+          securityContext:
+            readOnlyRootFilesystem: {{ .Values.securityContext.readOnlyRootFilesystem | default false }}
+          {{- end }}
         {{- with .Values.extraContainers }}
           {{- if eq (typeOf .) "string" }}
             {{- tpl . $ | nindent 8 }}

helm/minio/values.yaml

@@ -249,6 +249,7 @@ securityContext:
   runAsGroup: 1000
   fsGroup: 1000
   fsGroupChangePolicy: "OnRootMismatch"
+  readOnlyRootFilesystem: false
 
 # Additational pod annotations
 podAnnotations: {}