It is a best practice to run kubernetes workloads as readOnlyRootFilesystem. See https://kubernetes.io/docs/tasks/configure-pod-container/security-context/.

When running with such a security context, Mattermost will throw an error : Failed to update assets subpath from config.

This is the case even if the deployment is not served as a subpath.

My proposal is to add support for a readonly filesystem, by either :
- Detecting when the SITE_URL is not affecting the subpath, thereby not raising an error and not trying to update the subpath
OR
- Writing the updated files to a different directory that can be mounted as a read-writable volume instead of trying to updated assets in the root filesystem.

Code location https://github.com/mattermost/mattermost-server/blob/c4b4e1bc38eb7ff9fcc77af93873c1386392089e/utils/subpath.go#L149