Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Running with readOnlyRootFilesystem #239

Open
djetelina opened this issue Jan 19, 2024 · 2 comments
Open

Running with readOnlyRootFilesystem #239

djetelina opened this issue Jan 19, 2024 · 2 comments
Assignees
@ZhangNing10

Comments

@djetelina
Copy link

djetelina commented Jan 19, 2024
edited
Loading

Hi,

support for Read only root fs would be great. So far I've encountered two issues:

Mysql container init wants to use /tmp and /var/run/mysqld, emptyDir (or an option to add emptyDir) volume would fix that easily (tested it).

Lake really wants to log to /app/logs/, same thing, emptyDir fixes it easily.

UI wants to create /etc/nginx/conf.d/default.conf. If I'm reading the source right, this might be a bit trickier to accomplish, the solution that comes to mind is a different entrypoint and skipping the templating, using a configmap instead? But maybe there's something more simple.

edit: Lake also wants /tmp during runtime
@ZhangNing10
Copy link
Contributor

hi @djetelina , i am not sure for which pod you want the read only root fs and the reason for it?

@djetelina
Copy link
Author

We have it as a generic rule across our cluster through OPA Gatekeeper. So every pod if possible.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ZhangNing10 ZhangNing10

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@djetelina @ZhangNing10