In high-security Kubernetes, e.g. OpenShift, the container user has an arbitrary underprivileged UID which (for all intents and purposes) means the filesystem is read-only. At runtime, Ackee wants to create the file dist/index.html which may not be possible if the container user is underprivileged.
What Was Changed
Build files that are identical on every installation are moved to a directory called public. build.js now copies files from public to dist. In effect, at runtime public may be a read-only directory while dist can be fully read-write.
Motivation
In high-security Kubernetes, e.g. OpenShift, the container user has an arbitrary underprivileged UID which (for all intents and purposes) means the filesystem is read-only. At runtime, Ackee wants to create the file
dist/index.html
which may not be possible if the container user is underprivileged.What Was Changed
Build files that are identical on every installation are moved to a directory called
public
.build.js
now copies files frompublic
todist
. In effect, at runtimepublic
may be a read-only directory whiledist
can be fully read-write.This enables us to deploy Ackee on OpenShift by using an
emptyDir
volume mounted on/srv/app/dist
(see also: https://github.com/jennydaman/suda-charts/commit/9719c86ae41e626fb5aa126ae6e27055e2eaacc0)