Can't run NGINX Ingress Controller with readOnlyRootFilesystem: true

NGINX Ingress controller version: k8s.gcr.io/ingress-nginx/controller:v0.35.0

Kubernetes version (use kubectl version): v1.18.6

Environment:

  • Cloud provider or hardware configuration: AKS
  • OS (e.g. from /etc/os-release):
  • Kernel (e.g. uname -a):
  • Install tools:
  • Others:

What happened: I need to set readOnlyRootFilesystem: true for the NGINX Ingress Controller container due to security reasons. As there is no such option in the values.yaml file, I have manually added readOnlyRootFilesystem: true to the controller-deployment.yaml definition and deployed the Helm chart. The pod has the CrashLoopBackOff status:

unexpected error storing fake SSL Cert: could not create PEM certificate file /etc/ingress-controller/ssl/default-fake-certificate.pem: open /etc/ingress-controller/ssl/default-fake-certificate.pem: read-only file system

What you expected to happen: I expect:

  • NGINX Ingress Controller to start and work fine with readOnlyRootFilesystem: true set in containers.securityContext in the controller-deployment.yaml manifest;
  • a possibility to replace the fake SSL certificate with a custom one. I've tried using the --default-ssl-certificate flag with a valid kubernetes.io/tls secret but it doesn't help.

How to reproduce it: Download the Helm chart v3.3.0 from https://github.com/kubernetes/ingress-nginx, add readOnlyRootFilesystem: true to containers.securityContext in the controller-deployment.yaml manifest and try deploying the chart with helm install nginx .

Anything else we need to know:

/kind bug
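
An added diagnostic example, not part of the original issue or the ingress-nginx project: with readOnlyRootFilesystem: true a container can write only under writable volume mounts, so this script pulls the failing paths out of crash-log lines and reports whether any volumeMount covers them. The function names and the volumeMounts lists passed to it are hypothetical; the log line is the one quoted in the issue.

```python
import posixpath
import re

# Go reports EROFS as "<op> <path>: read-only file system".
EROFS_RE = re.compile(
    r"\b(?:open|mkdir|rename|remove)\s+(/[^\s:]+):\s+read-only file system")

# The crash line quoted in the issue above.
SAMPLE_LOG = [
    "unexpected error storing fake SSL Cert: could not create PEM certificate "
    "file /etc/ingress-controller/ssl/default-fake-certificate.pem: open "
    "/etc/ingress-controller/ssl/default-fake-certificate.pem: "
    "read-only file system",
]

def erofs_paths(log_lines):
    """Return the unique paths that failed with EROFS, in first-seen order."""
    seen = []
    for line in log_lines:
        for path in EROFS_RE.findall(line):
            path = posixpath.normpath(path)
            if path not in seen:
                seen.append(path)
    return seen

def covering_mount(path, volume_mounts):
    """Return the most specific volumeMount containing path, or None."""
    def norm(m):
        return posixpath.normpath(m["mountPath"]).rstrip("/")
    # Compare with a trailing "/" so /a/ssl-extra does not match /a/ssl/x.
    hits = [m for m in volume_mounts
            if (path + "/").startswith(norm(m) + "/")]
    return max(hits, key=lambda m: len(norm(m)), default=None)

def audit(log_lines, volume_mounts):
    """Map each EROFS path to no-mount, read-only-mount or writable-mount."""
    report = {}
    for path in erofs_paths(log_lines):
        mount = covering_mount(path, volume_mounts)
        if mount is None:
            report[path] = "no-mount"
        elif mount.get("readOnly", False):
            report[path] = "read-only-mount"
        else:
            report[path] = "writable-mount"
    return report

if __name__ == "__main__":
    # Constructed input: the container has no volumeMounts at all.
    print(audit(SAMPLE_LOG, []))
```
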