Closed ddellarocca closed 2 months ago
@yanzhiemq please check this
@ddellarocca When a node joins the cluster, it will synchronize the ACL file from the existing nodes. However, if the ACL file is mounted as read-only, the synchronization operation will fail, preventing the node from starting.
@yanzhiemq yea but the configmap can be mounted only in read-only, is there a way to tell EMQX to not do that? Like to mount the configmap in the default path and then let EMQX sync in another path?
@Rory-Z Is there a workaround way to configure ACL file in EMQX operator?
I was thinking of creating an InitContainer to copy the ACL file in a directory that can be written by EMQX but I don't like this approach
@Rory-Z Is there a workaround way to configure ACL file in EMQX operator?
No, for configMap in Kubernetes, the application can not write it.
I was thinking of creating an InitContainer to copy the ACL file in a directory that can be written by EMQX but I don't like
Sorry for delay, could you please try to put configMap of acl.conf to /opt/emqx/etc/acl.conf
of EMQX container, I think EMQX will not to do write in etc path, it will read from etc path, and write to data path.
Putting the configMap under /etc
seems to have solved the problem, thanks.
Describe the bug If the ACL authorization config in EMQX crd has been configured to use an extra volume mount, during scale-up or blue-green upgrade, the new nodes are unable to join the cluster.
To Reproduce Preconditions: emqx operator up and running in a k8s cluster.
Apply the following manifest and wait for the cluster to be ready
Expected behavior The node should join the cluster with the correct ACL authorization configurations.
Anything else we need to know? If the EMQX is deleted and then applied again it successfully starts with the ACL configured with the desired number of nodes.
Environment details::