docs: update readme to reflect non-root options

README.md

@@ -65,6 +65,28 @@ $ docker run -d \
 
 If the exposed ports are modified (in the case of multiple containers/servers on the same host) the `arkmanager` config will need to be modified to reflect the change as well. This is required so that `arkmanager` can properly check the server status and so that the ARK server itself can properly publish its IP address and query port to steam.
 
+
+#### Running without sudo capability or root
+
+Its perfectly possible to run the container without sudo or root user.
+However, this means a lot of automated permission fixes and checks will be skipped as well.
+
+For this to be handled correctly:
+- Use UID/GID 1001
+- Ensure all required folders are mounted and have their permissions *manually* set to 1001/1001 before using the container
+- No Linux capabilities are needed
+- privileged mode is not needed
+- The container will not prevent any Privilege Escalation
+
+#### Running with a hardened filesystem
+
+Some container platforms, primarily on kubernetes, offer the option to disable writability to the container root filesystem `readOnlyRootFilesystem`.
+The container is perfectly capable of being ran with this setting enabled, with the following caveats:
+
+- All folders containing any data being writhen, temporary or otherwise, explicitly need a writable folder attached
+- if `/var/spool/cron/crontabs/` is not mounted to a writable folder, crontab will *not* be setup
+
+
 ## Environment Variables
 
 A set of required environment variables have default values provided as part of the image: