Skip to content

Disable read-only file systemΒΆ

This how-to shows how to disable read-only root file system in your workloads.

Warning

This setting helps protect your workloads from unauthorized writes. Only disable it if you are sure that your workload requires write access to the file system outside of /tmp.

Add annotation to workloadΒΆ

nais.yaml
...
metadata:
  annotations:
    nais.io/read-only-file-system: "false"

Re-deploy your workload to apply the changes.

Note

Even with this setting enabled, you must ensure that the default user (1069 or whatever you override it with) has write permission inside the Docker image.

πŸ“š Container security