diff --git a/internal/controller/operator/containers.go b/internal/controller/operator/containers.go
index d71b64d8..c5a09dcd 100644
--- a/internal/controller/operator/containers.go
+++ b/internal/controller/operator/containers.go
@@ -342,7 +342,7 @@ func buildAuthServiceContainer(instance *operatorv1alpha1.Authentication, authSe
 },
 Privileged: &falseVar,
 RunAsNonRoot: &trueVar,
- ReadOnlyRootFilesystem: &falseVar,
+ ReadOnlyRootFilesystem: &trueVar,
 AllowPrivilegeEscalation: &falseVar,
 Capabilities: &corev1.Capabilities{
 Drop: []corev1.Capability{"ALL"},
@@ -378,6 +378,26 @@ func buildAuthServiceContainer(instance *operatorv1alpha1.Authentication, authSe
 },
 Name: "pgsql-client-cred",
 MountPath: "/pgsql/clientinfo",
 },
+ {
+ Name: "liberty-serverdir-vol",
+ MountPath: "/opt/ibm/wlp/usr/servers/defaultServer",
+ },
+ {
+ Name: "liberty-outputdir-vol",
+ MountPath: "/opt/ibm/wlp/output/defaultServer",
+ },
+ {
+ Name: "liberty-logs-vol",
+ MountPath: "/logs",
+ },
+ {
+ Name: "liberty-tmp-vol",
+ MountPath: "/tmp",
+ },
+ {
+ Name: "auth-service-data-vol",
+ MountPath: "/opt/ibm/auth-service",
+ },
 },
 ReadinessProbe: &corev1.Probe{
 ProbeHandler: corev1.ProbeHandler{
@@ -694,7 +714,7 @@ func buildIdentityProviderContainer(instance *operatorv1alpha1.Authentication, i
 },
 Privileged: &falseVar,
 RunAsNonRoot: &trueVar,
- ReadOnlyRootFilesystem: &falseVar,
+ ReadOnlyRootFilesystem: &trueVar,
 AllowPrivilegeEscalation: &falseVar,
 Capabilities: &corev1.Capabilities{
 Drop: []corev1.Capability{"ALL"},
@@ -722,6 +742,11 @@ func buildIdentityProviderContainer(instance *operatorv1alpha1.Authentication, i
 },
 Name: "pgsql-client-cred",
 MountPath: "/pgsql/clientinfo",
 },
+ {
+ Name: "provider-data-vol",
+ MountPath: "/opt/ibm/provider-data",
+ },
+
 },
 ReadinessProbe: &corev1.Probe{
 ProbeHandler: corev1.ProbeHandler{
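Review bot: In the `@@ -378,6 +378,26 @@` hunk, the new `liberty-serverdir-vol` and `auth-service-data-vol` mounts put an emptyDir over `/opt/ibm/wlp/usr/servers/defaultServer` and `/opt/ibm/auth-service`, which hides whatever the image ships at those paths (server.xml, configDropins, application content) — the container will see empty directories there at start. That is only correct if the image entrypoint or an init step regenerates the server configuration into the mounted path every time; nothing in this diff shows that, so please confirm it and record the dependency next to the mount, e.g. `// emptyDir shadows the image's server dir; the entrypoint must recreate server.xml/configDropins here on every start`. With the root filesystem now read-only these five mounts are the container's only writable space, so any other path the service writes (Java temp, Liberty workarea outside output/, home directory) will now fail with EROFS — worth a run against the real image before merging. buildAuthServiceContainer starts and ends outside the hunk.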
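Review bot: In the `@@ -722,6 +742,11 @@` hunk the fifth added line between the new mount's `},` and the closing `},` of the VolumeMounts slice appears to be an empty line (the hunk counts admit five additions and only four are code); gofmt keeps stray blank lines inside composite literals, so it should be dropped, and if it is in fact a second `},` the literal no longer balances. Separately, the identity-provider container is switched to `ReadOnlyRootFilesystem: &trueVar` in the hunk above but gains only `/opt/ibm/provider-data` as writable space, while the auth-service container in the same commit also gets `/tmp`, `/logs` and the Liberty output dir; if this process writes temp files or logs to disk at all, it will now fail at runtime. Please verify against the image and, if needed, add a matching `{Name: "liberty-tmp-vol", MountPath: "/tmp"}` mount (the volume already exists in buildIdpVolumes). buildIdentityProviderContainer starts and ends outside the hunk.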
@@ -1062,7 +1087,7 @@ func buildIdentityManagerContainer(instance *operatorv1alpha1.Authentication, id
 },
 Privileged: &falseVar,
 RunAsNonRoot: &trueVar,
- ReadOnlyRootFilesystem: &falseVar,
+ ReadOnlyRootFilesystem: &trueVar,
 AllowPrivilegeEscalation: &falseVar,
 Capabilities: &corev1.Capabilities{
 Drop: []corev1.Capability{"ALL"},
diff --git a/internal/controller/operator/deployment.go b/internal/controller/operator/deployment.go
index 5864e8d3..c5490a3e 100644
--- a/internal/controller/operator/deployment.go
+++ b/internal/controller/operator/deployment.go
@@ -1031,5 +1031,41 @@ func buildIdpVolumes(ldapCACert string, routerCertSecret string) []corev1.Volume
 },
 },
 },
+ {
+ Name: "liberty-serverdir-vol",
+ VolumeSource: corev1.VolumeSource{
+ EmptyDir: &corev1.EmptyDirVolumeSource{},
+ },
+ },
+ {
+ Name: "liberty-outputdir-vol",
+ VolumeSource: corev1.VolumeSource{
+ EmptyDir: &corev1.EmptyDirVolumeSource{},
+ },
+ },
+ {
+ Name: "liberty-logs-vol",
+ VolumeSource: corev1.VolumeSource{
+ EmptyDir: &corev1.EmptyDirVolumeSource{},
+ },
+ },
+ {
+ Name: "liberty-tmp-vol",
+ VolumeSource: corev1.VolumeSource{
+ EmptyDir: &corev1.EmptyDirVolumeSource{},
+ },
+ },
+ {
+ Name: "auth-service-data-vol",
+ VolumeSource: corev1.VolumeSource{
+ EmptyDir: &corev1.EmptyDirVolumeSource{},
+ },
+ },
+ {
+ Name: "provider-data-vol",
+ VolumeSource: corev1.VolumeSource{
+ EmptyDir: &corev1.EmptyDirVolumeSource{},
+ },
+ },
 }
 }
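Review bot: The `@@ -1062,7 +1087,7 @@` hunk flips `ReadOnlyRootFilesystem` to true for the identity-manager container, but unlike the other two containers in this commit no VolumeMounts hunk for buildIdentityManagerContainer appears in the diff, so the container is left with no writable path at all. If this process writes anything at runtime (temp files, logs, caches, a home directory) it will now fail with EROFS where it used to work; if it genuinely writes nothing, say so in a comment next to the field, e.g. `// identity manager writes nothing to disk; no scratch mounts needed`, so the next reader does not have to rediscover it. If it does need scratch space, add the same kind of emptyDir mount the auth-service container got, `{Name: "liberty-tmp-vol", MountPath: "/tmp"}`, and make sure the pod that hosts this container actually carries that volume — the new volumes in this commit are only added in buildIdpVolumes. buildIdentityManagerContainer starts and ends outside the hunk.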
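Review bot: The six new emptyDir volumes in buildIdpVolumes have no `SizeLimit`, and since the containers' root filesystems are now read-only these are the only writable space in the pod; a runaway log file on `/logs` or a temp-file leak on `/tmp` therefore consumes node ephemeral storage with no bound until the pod is evicted, which is also the obvious lever for anyone who can make the service log or spool on demand. A per-volume cap is one line each, e.g. `scratch := resource.MustParse("1Gi")` once and `EmptyDir: &corev1.EmptyDirVolumeSource{SizeLimit: &scratch}` on each entry (the tmp/logs ones at minimum); this needs `k8s.io/apimachinery/pkg/api/resource` in scope if the file does not already import it. Also note for the record that `/logs` on emptyDir is discarded with the pod, which is fine if the containers log to stdout but should be stated near the volume if anyone relies on files there. buildIdpVolumes starts outside the hunk; its closing brace is the hunk's last line.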