From 35cda254a8054e523901fb1dd262ae7542192e9c Mon Sep 17 00:00:00 2001
From: Eric Paulsen <ericpaulsen@coder.com>
Date: Tue, 14 Feb 2023 11:56:53 -0500
Subject: [PATCH 1/3] fix: set Coder read-only fs to null

---
 helm/values.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helm/values.yaml b/helm/values.yaml
index 5d8fd84a26e76..797e56ebab795 100644
--- a/helm/values.yaml
+++ b/helm/values.yaml
@@ -67,7 +67,7 @@ coder:
     # coder.securityContext.readOnlyRootFilesystem -- Mounts the container's
     # root filesystem as read-only. It is recommended to leave this setting
     # enabled in production. This will override the same setting in the pod
-    readOnlyRootFilesystem: true
+    readOnlyRootFilesystem: null
     # coder.securityContext.seccompProfile -- Sets the seccomp profile for
     # the coder container.
     seccompProfile:

From 4e1763acb437d740558c76c4b620d2098ada7130 Mon Sep 17 00:00:00 2001
From: Eric Paulsen <ericpaulsen@coder.com>
Date: Tue, 14 Feb 2023 11:59:19 -0500
Subject: [PATCH 2/3] chore: readme fixes

---
 helm/values.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/helm/values.yaml b/helm/values.yaml
index 797e56ebab795..d9ad80b49bf31 100644
--- a/helm/values.yaml
+++ b/helm/values.yaml
@@ -58,10 +58,10 @@ coder:
     # runs as an unprivileged user. If setting runAsUser to 0 (root), this
     # will need to be set to false.
     runAsNonRoot: true
-    # coder.securityContext.runAsUser -- Sets the user id of the pod.
+    # coder.securityContext.runAsUser -- Sets the user id of the container.
     # For security reasons, we recommend using a non-root user.
     runAsUser: 1000
-    # coder.securityContext.runAsGroup -- Sets the group id of the pod.
+    # coder.securityContext.runAsGroup -- Sets the group id of the container.
     # For security reasons, we recommend using a non-root group.
     runAsGroup: 1000
     # coder.securityContext.readOnlyRootFilesystem -- Mounts the container's

From 8bd6e7649d215252baf42cadf5265f70b46b0aa8 Mon Sep 17 00:00:00 2001
From: Eric Paulsen <ericpaulsen@coder.com>
Date: Tue, 14 Feb 2023 12:00:07 -0500
Subject: [PATCH 3/3] chore: readme fixes v2

---
 helm/values.yaml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/helm/values.yaml b/helm/values.yaml
index d9ad80b49bf31..f6fa30239f3ae 100644
--- a/helm/values.yaml
+++ b/helm/values.yaml
@@ -65,8 +65,7 @@ coder:
     # For security reasons, we recommend using a non-root group.
     runAsGroup: 1000
     # coder.securityContext.readOnlyRootFilesystem -- Mounts the container's
-    # root filesystem as read-only. It is recommended to leave this setting
-    # enabled in production. This will override the same setting in the pod
+    # root filesystem as read-only.
     readOnlyRootFilesystem: null
     # coder.securityContext.seccompProfile -- Sets the seccomp profile for
     # the coder container.