Configure readOnlyRootFilesystem in Artifactory Containers

JFrog Installation & Setup Documentation

Starting from Artifactory version 7.111, you can use the Kubernetes security context feature in Artifactory containers. In this configuration, the root file system of the container is set to read-only, preventing modifications to its files or directories. This setting serves as a security measure to protect the application and its data from unauthorized changes.

If a container is running with readOnlyRootFilesystem=true, it may have the following configuration:

  • /app (read-only, not mounted)

  • /var (mounted external volume, writable)

In this case, with readOnlyRootFilesystem=true, the application can write only to /var, while all other directories remain protected from any changes.

Set readOnlyRootFilesystem to true

Here's an example of how to set this in the values.yaml of the Artifactory Helm chart:

containerSecurityContext:
  readOnlyRootFilesystem: true
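
To confirm the setting took effect after deployment, the following added example (not part of the JFrog documentation or the Helm chart) audits the JSON returned by `kubectl get pod <name> -o json`, reporting for each container whether its root file system is read-only and which mount paths remain writable. The embedded pod document is constructed, and its pod, container and volume names are hypothetical.

```python
import json

# Constructed sample: trimmed shape of `kubectl get pod <name> -o json`.
# Pod, container and volume names are made up for illustration.
SAMPLE_POD = json.loads("""
{
  "metadata": {"name": "artifactory-0"},
  "spec": {
    "initContainers": [
      {"name": "init-setup",
       "securityContext": {"allowPrivilegeEscalation": false},
       "volumeMounts": [{"name": "data", "mountPath": "/var"}]}
    ],
    "containers": [
      {"name": "artifactory",
       "securityContext": {"readOnlyRootFilesystem": true},
       "volumeMounts": [
         {"name": "data", "mountPath": "/var"},
         {"name": "extra-config", "mountPath": "/etc/extra", "readOnly": true}]}
    ]
  }
}
""")


def audit_pod(pod):
    """Return one finding per container: whether its root file system is
    read-only and which mount paths are still writable."""
    spec = pod.get("spec", {})
    findings = []
    for kind in ("initContainers", "containers"):
        for c in spec.get(kind) or []:
            # The field is set per container; when absent it defaults to false.
            ctx = c.get("securityContext") or {}
            read_only_root = ctx.get("readOnlyRootFilesystem") is True
            # A volume mount is writable unless it sets readOnly: true.
            writable = sorted(m["mountPath"] for m in c.get("volumeMounts") or []
                              if not m.get("readOnly", False))
            findings.append({"container": c["name"], "kind": kind,
                             "read_only_root": read_only_root,
                             "writable_mounts": writable})
    return findings


if __name__ == "__main__":
    for f in audit_pod(SAMPLE_POD):
        status = "OK  " if f["read_only_root"] else "FAIL"
        print(f'{status} {f["kind"]}/{f["container"]} writable={f["writable_mounts"]}')
```

In the constructed sample the init container is flagged because it carries a security context without readOnlyRootFilesystem, which shows why each container in the pod needs checking, not only the main one.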