readOnlyRootFilesystem Configuration in Artifactory Containers
Enable readOnlyRootFilesystem security context in Artifactory Helm containers (v7.111+) to prevent unauthorized file modifications.
From Artifactory version 7.111, set Artifactory containers to read-only using the Kubernetes security context to prevent unauthorized file system modifications.
A container running with readOnlyRootFilesystem: true has the following configuration:
/app(read-only, not mounted)/var(mounted external volume, writable)
With readOnlyRootFilesystem: true, the application can write only to /var; all other directories are protected.
Set readOnlyRootFilesystem to true
readOnlyRootFilesystem to trueSet this in Artifactory's values.yaml:
containerSecurityContext:
readOnlyRootFilesystem: trueUpdated 12 days ago