diff --git a/glance/templates/deployment-api.yaml b/glance/templates/deployment-api.yaml
index e150aa5a94..34a510eaf8 100644
--- a/glance/templates/deployment-api.yaml
+++ b/glance/templates/deployment-api.yaml
@@ -34,24 +34,29 @@ spec:
           image: {{ .Values.images.api }}
           imagePullPolicy: {{ .Values.images.pull_policy }}
           command:
-          - glance-api --config-dir /etc/glance
+          - glance-api
+          - --config-file
+          - /etc/glance/glance-registry.conf
           ports:
             - containerPort: {{ .Values.network.port.api }}
           readinessProbe:
             tcpSocket:
               port: {{ .Values.network.port.api }}
           volumeMounts:
+            - name: etcglance
+              mountPath: /etc/glance
             - name: glanceapiconf
               mountPath: /etc/glance/glance-api.conf
               subPath: glance-api.conf
+              readOnly: true
             - name: glanceapipaste
               mountPath: /etc/glance/glance-api-paste.ini
               subPath: glance-api-paste.ini
-            - name: etcglance
-              mountPath: /etc/glance
+              readOnly: true
             - name: glancepolicy
               mountPath: /etc/glance/policy.json
               subPath: policy.json
+              readOnly: true
 {{- if .Values.development.enabled }}
             - name: glance-data
               mountPath: /var/lib/glance/images
@@ -59,9 +64,11 @@ spec:
             - name: cephconf
               mountPath: /etc/ceph/ceph.conf
               subPath: ceph.conf
+              readOnly: true
             - name: cephclientglancekeyring
               mountPath: /etc/ceph/ceph.client.{{ .Values.ceph.glance_user }}.keyring
               subPath: ceph.client.{{ .Values.ceph.glance_user }}.keyring
+              readOnly: true
 {{- end }}
       volumes:
         - name: glanceapiconf
diff --git a/glance/templates/deployment-registry.yaml b/glance/templates/deployment-registry.yaml
index f8f6c6327e..05615548df 100644
--- a/glance/templates/deployment-registry.yaml
+++ b/glance/templates/deployment-registry.yaml
@@ -27,16 +27,23 @@ spec:
           imagePullPolicy: {{ .Values.images.pull_policy }}
           command:
           - glance-registry
+          - --config-file
+          - /etc/glance/glance-registry.conf
           ports:
             - containerPort: {{ .Values.network.port.registry }}
           readinessProbe:
             tcpSocket:
               port: {{ .Values.network.port.registry }}
           volumeMounts:
+            - name: etcglance
+              mountPath: /etc/glance
             - name: glanceregistryconf
               mountPath: /etc/glance/glance-registry.conf
               subPath: glance-registry.conf
+              readOnly: true
       volumes:
+        - name: etcglance
+          emptyDir: {}
         - name: glanceregistryconf
           configMap:
             name: glance-etc