By default, the root filesystem of the container is mounted on the node disk as writable. However, you can use the readOnlyRootFilesystem setting in the manifest file to mount the root filesystem of the container as read-only. Enabling readOnlyRootFilesystem enhances the security of the container by preventing unauthorized modifications to the root filesystem.

When readOnlyRootFilesystem is enabled, three additional volumes are mounted: server, home, and temp. These volumes are not managed like Persistent Volume Claims (PVCs); rather, they are tied to the node and are therefore ephemeral. The 100 GiB minimum allocation for the node disk should cover the creation and use of these volumes. No additional resource allocation is required.
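
One way to verify the result on a running cluster, as an added example that is not part of the product's own tooling: the script below audits a pod object in the JSON shape returned by `kubectl get pod -o json`, listing containers whose root filesystem is still writable and separating node-local volumes from PVC-backed ones. The sample pod, its container names, and the assumption that the server, home, and temp volumes appear as `emptyDir` volumes are constructed for illustration.

```python
import json

# Constructed sample pod (trimmed). Container names, the "data" PVC and the use
# of emptyDir for server/home/temp are assumptions, not taken from the product.
SAMPLE_POD = json.loads("""
{
  "metadata": {"name": "example-pod"},
  "spec": {
    "containers": [
      {"name": "app", "securityContext": {"readOnlyRootFilesystem": true}},
      {"name": "sidecar", "securityContext": {}}
    ],
    "volumes": [
      {"name": "server", "emptyDir": {}},
      {"name": "home", "emptyDir": {}},
      {"name": "temp", "emptyDir": {}},
      {"name": "data", "persistentVolumeClaim": {"claimName": "data-pvc"}}
    ]
  }
}
""")

NODE_LOCAL = ("emptyDir", "hostPath")  # volume types backed by the node disk


def audit_pod(pod):
    """Return containers with a writable root filesystem and a volume classification."""
    spec = pod["spec"]
    containers = spec.get("containers", []) + spec.get("initContainers", [])
    writable = [
        c["name"]
        for c in containers
        # An absent or false setting means the default: a writable root filesystem.
        if not (c.get("securityContext") or {}).get("readOnlyRootFilesystem", False)
    ]
    volumes = {}
    for v in spec.get("volumes", []):
        if "persistentVolumeClaim" in v:
            volumes[v["name"]] = "pvc"
        elif any(t in v for t in NODE_LOCAL):
            volumes[v["name"]] = "node-local"  # data here does not outlive the node
        else:
            volumes[v["name"]] = "other"
    return {"writable_root": writable, "volumes": volumes}


if __name__ == "__main__":
    print(json.dumps(audit_pod(SAMPLE_POD), indent=2))
```

A non-empty `writable_root` list means at least one container in the pod still runs with the default writable root filesystem.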