Disable read-only file system¶

This how-to shows how to disable read-only root file system in your workloads.

Warning

This setting helps protect your workloads from unauthorized writes. Only disable it if you are sure that your workload requires write access to the file system outside of /tmp.

Add annotation to workload¶

nais.yaml

...
metadata:
  annotations:
    nais.io/read-only-file-system: "false"

Re-deploy your workload to apply the changes.

Note

Even with this setting enabled, you must ensure that the default user (1069 or whatever you override it with) has write permission inside the Docker image.

Container security

Disable read-only file system¶

Add annotation to workload¶

Related pages¶