Enhancement request: DataHub Docker image and Helm chart should support a read-only filesystem to make it more secure
Is your feature request related to a problem? Please describe.

I am trying to configure DataHub to run on a read-only filesystem for enhanced security and compliance requirements. However, there is limited documentation or guidance on how to achieve this setup, especially for Kubernetes or Helm-based deployments. It is unclear which paths need to remain writable for DataHub to function correctly.

Describe the solution you'd like

I would like clear documentation or configuration options to support running DataHub on a read-only filesystem. This could include:
- A list of directories or paths that must remain writable.
- Helm chart values or Kubernetes configurations to enable a read-only filesystem.
- Best practices for securing DataHub in such environments.

Describe alternatives you've considered

- Attempted to use readOnlyRootFilesystem: true in Kubernetes security contexts, but encountered issues with certain writable paths.
- Tried mounting specific writable volumes for logs or temporary files, but it is unclear which paths are mandatory.
- Explored Docker’s --read-only flag, but faced similar challenges.

Additional context

List of images:
- datahub-actions: v1.3.0-fix2
- datahub-gms: v1.3.0.1
- datahub-frontend-react: v1.3.0.1
- datahub-elasticsearch-setup: v1.3.0.1
- datahub-kafka-setup: v1.2.0.1
- datahub-postgres-setup: v1.3.0.1
- datahub-upgrade: v1.3.0.1
Any guidance or support on this would be greatly appreciated. Thank you!
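
One way to find the writable paths the request asks about, added here as an example (not part of the original issue and not DataHub project code): run the image once without the read-only setting, capture `docker diff <container>`, and reduce the output to the directories that need a writable volume. The sample diff, its paths and the function names are constructed placeholders, not DataHub's actual paths.

```python
import re
from pathlib import PurePosixPath

# Constructed `docker diff <container>` output (C=changed, A=added, D=deleted).
# The paths are illustrative placeholders, not DataHub's real writable paths.
SAMPLE_DIFF = """\
C /tmp
A /tmp/scratch-1234
A /tmp/scratch-1234/part.tmp
C /var
C /var/log
A /var/log/app
A /var/log/app/server.log
C /opt
C /opt/app
C /opt/app/conf
C /opt/app/conf/settings.yml
"""

def writable_dirs(diff_text):
    """Return the minimal set of directories the container wrote into."""
    entries = [l.split(maxsplit=1) for l in diff_text.splitlines() if l.strip()]
    has_children = {a for _, p in entries for a in PurePosixPath(p).parents}
    dirs = set()
    for kind, raw in entries:
        path = PurePosixPath(raw)
        # "C" on a path with children only records that something below changed.
        if kind == "C" and path in has_children:
            continue
        dirs.add(path.parent)
    # Drop directories already covered by a writable ancestor.
    minimal = [d for d in dirs if not any(a in dirs for a in d.parents)]
    return sorted(str(d) for d in minimal)

def pod_fragment(dirs):
    """Render readOnlyRootFilesystem plus one emptyDir per writable directory."""
    # An emptyDir hides files the image shipped in that directory (here
    # /opt/app/conf), so such paths need their content copied in at start-up.
    names = {d: "rw-" + (re.sub(r"[^a-z0-9]+", "-", d.lower()).strip("-") or "root")
             for d in dirs}
    out = ["# container level", "securityContext:",
           "  readOnlyRootFilesystem: true", "volumeMounts:"]
    for d, n in names.items():
        out += [f"  - name: {n}", f"    mountPath: {d}"]
    out += ["# pod level", "volumes:"]
    out += [f"  - name: {n}\n    emptyDir: {{}}" for n in names.values()]
    return "\n".join(out)

if __name__ == "__main__":
    print(pod_fragment(writable_dirs(SAMPLE_DIFF)))
```

The diff only covers code paths exercised during that run, so the resulting list is a starting point to confirm under `readOnlyRootFilesystem: true`, not a complete inventory.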