- Weakness
- Resolution: Unresolved
- Major
- 4.20
- Security & Compliance
- False
- 2
- Rejected
- NI&D Sprint 274, NI&D Sprint 275, NI&D Sprint 276
- 3
- Done
- Bug Fix
1. Proposed title of this feature request
[openshift-dns] - readOnlyRootFilesystem should be explicitly to true and if required to false for security reason
2. What is the nature and description of the request?
According to security best practice, it is recommended to set readOnlyRootFilesystem: true for all containers running on Kubernetes. Given that openshift-dns does not set this explicitly, it is requested that the setting be evaluated and, if possible, set to readOnlyRootFilesystem: true, or otherwise to readOnlyRootFilesystem: false together with an explanation of why the filesystem needs to be writable.
3. Why does the customer need this? (List the business requirements here)
Extensive security audits are run on OpenShift Container Platform 4 and are highlighting that many vendor-specific containers neither set readOnlyRootFilesystem: true nor justify why readOnlyRootFilesystem: false is set.
4. List any affected packages or components.
openshift-dns
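An added example, not part of this issue or of the openshift-dns project: a Python audit that classifies each container in a Pod spec the way the request above asks for (explicitly true, unset, or false with or without a justification). The justification annotation name and the sample Pod are assumptions constructed for this example.

```python
# Audit a Kubernetes Pod spec for securityContext.readOnlyRootFilesystem.
# Assumption (hypothetical convention): a container that must keep a writable
# root filesystem carries an annotation keyed by its name that states why.
JUSTIFICATION_PREFIX = "writable-rootfs-justification.example.com"


def container_rootfs_status(container, annotations):
    """Return "ok", "unset", "false-justified" or "false-unjustified"."""
    sc = container.get("securityContext") or {}
    value = sc.get("readOnlyRootFilesystem")
    if value is True:
        return "ok"
    if value is None:
        # Kubernetes defaults to a writable root filesystem; the request asks
        # for the value to be stated explicitly rather than left implicit.
        return "unset"
    key = f"{JUSTIFICATION_PREFIX}/{container['name']}"
    return "false-justified" if annotations.get(key) else "false-unjustified"


def audit_pod(pod):
    """Map every init container and container name to its status."""
    annotations = (pod.get("metadata") or {}).get("annotations") or {}
    spec = pod["spec"]
    containers = spec.get("initContainers", []) + spec.get("containers", [])
    return {c["name"]: container_rootfs_status(c, annotations) for c in containers}


def failing_containers(pod):
    """Names that an audit would flag: unset, or false with no justification."""
    return sorted(n for n, s in audit_pod(pod).items()
                  if s in ("unset", "false-unjustified"))


# Constructed sample Pod: "dns" leaves the field unset (the case the request
# describes), "agent" is explicitly false with a justification, and "hardened"
# is true with an emptyDir mounted for the one path that must stay writable.
SAMPLE_POD = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "sample", "annotations": {
        f"{JUSTIFICATION_PREFIX}/agent": "writes a cache under /var/lib/agent"}},
    "spec": {
        "volumes": [{"name": "tmp", "emptyDir": {}}],
        "containers": [
            {"name": "dns", "image": "registry.example/dns:tag"},
            {"name": "agent", "image": "registry.example/agent:tag",
             "securityContext": {"readOnlyRootFilesystem": False}},
            {"name": "hardened", "image": "registry.example/app:tag",
             "securityContext": {"readOnlyRootFilesystem": True},
             "volumeMounts": [{"name": "tmp", "mountPath": "/tmp"}]}]}}

if __name__ == "__main__":
    for name, status in audit_pod(SAMPLE_POD).items():
        print(f"{name}: {status}")
```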
This security tracking issue was filed based on manifesting data available to Product Security in https://deptopia.prodsec.redhat.com/ui/home. This data indicates that the component noted in the "pscomponent" label was found to be affected by this vulnerability. If you believe this issue is not actionable and was created erroneously, please fill out the following form and close this issue as Closed with a resolution of Obsolete. This will prompt Product Security to review what type of error caused this Jira issue to be created, and prevent further mistakes of this type in the future.
https://forms.gle/LnXaf5aCAHaV6g8T8
To better understand the distinction between a component being Affected vs Not Affected, please read the following article:
https://docs.engineering.redhat.com/pages/viewpage.action?spaceKey=PRODSEC&title=Understanding+Affected+and+Not+Affected
- is related to: RFE-4150 [openshift-dns] - readOnlyRootFilesystem should be explicitly to true and if required to false for security reason (Closed)
- relates to: OCPBUGS-62211 [sig-api-machinery][Feature:ReadOnlyRootFilesystem] Explicitly set readOnlyRootFilesystem to true [OCP-83088][Timeout:50m][Skipped:Disconnected] [Suite:openshift/conformance/parallel] (Verified)
- links to