How to utilize Containerized Jenkins Inbound Agent with Read-Only Root Filesystem?

We are in the process of standing up a Serverless Jenkins on AWS Fargate as described in this blog post Building a serverless Jenkins environment on AWS Fargate | AWS DevOps Blog

So far things are going well, but one requirement we have is that we run our containers with a read-only root file system and thus need to add the appropriate volumes to those folders that need write access.

Is there a list of required directories that must be writable within the inbound agent image? GitHub - jenkinsci/docker-inbound-agent: Docker image for a Jenkins agent which can connect to Jenkins using TCP or Websocket protocols

I’ve tried explicitly setting the JENKINS_AGENT_WORKDIR and creating a volume

ENV JENKINS_AGENT_WORKDIR=/home/jenkins/workspace
VOLUME ["/home/jenkins/workspace"]

but am met with a handful of errors including:

WARNING: No Working Directory. Using the legacy JAR Cache location: /home/jenkins/.jenkins/cache/jars