Skip to content

Disable read-only file system

This how-to shows how to disable read-only root file system in your workloads.


This setting helps protect your workloads from unauthorized writes. Only disable it if you are sure that your workload requires write access to the file system outside of /tmp.

Add annotation to workload

  annotations: "false"

Re-deploy your workload to apply the changes.


Even with this setting enabled, you must ensure that the default user (1069 or whatever you override it with) has write permission inside the Docker image.

📚 Container security