Closed YanFenGuo closed 1 month ago
Looks like your file system is readonly.
@lunny Yes, it is a read-only file system according to our security requirement. Below is the deployment YAML file:
```yaml
kind: Deployment
apiVersion: apps/v1
metadata:
  name: icp4adeploy-gitea-deploy
  labels:
    app: icp4adeploy-gitea-deploy
spec:
  replicas: 1
  selector:
    matchLabels:
      app: icp4adeploy-gitea-deploy
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: icp4adeploy-gitea-deploy
    spec:
      restartPolicy: Always
      initContainers:
        - resources: {}
          terminationMessagePath: /dev/termination-log
          name: icp4adeploy-gitea-prereqs
          command:
            - sh
            - '-cx'
            - |
              set -o errexit
              set -o pipefail
              mkdir -p /data/gitea/conf
              mkdir -p /data/gitea/log
              rm -rf /data/git/.gitconfig.lock
              cp /opt/ansible/share/gitea_* /data/gitea/conf/
              cp /rootca/tls.crt /data/gitea/conf/root_ca_crt.crt
              cp /tlssecret/* /data/gitea/conf/
              chown -R git:git /data/gitea
              mv /data/gitea/conf/gitea_app.ini /data/gitea/conf/app.ini
          env:
            - name: USER_UID
              value: '1000'
            - name: USER_GID
              value: '1000'
          securityContext:
            readOnlyRootFilesystem: true
          imagePullPolicy: IfNotPresent
          volumeMounts:
            - name: gitea-data
              mountPath: /data
            - name: operator-shared-folder
              mountPath: /opt/ansible/share
            - name: tlssecret
              mountPath: /tlssecret
            - name: rootcasecret
              mountPath: /rootca
          terminationMessagePolicy: File
          image: >-
            cp.icr.io/cp/cp4a/demo/gitea@sha256:30540b7b97dd483f69a1a51d0bf0d5b8c0262a0d976658fe21469563aa2c007b
        - resources: {}
          terminationMessagePath: /dev/termination-log
          name: folder-prepare-container
          command:
            - /bin/bash
            - '-ecx'
            - >
              rm -rf /s6-folder/* && cp -rp /etc/s6/* /s6-folder && rm -rf
              /etc-ssh-folder/* && cp -rp /etc/ssh/* /etc-ssh-folder && rm -rf
              /app-gitea-folder/* && cp -rp /app/gitea/* /app-gitea-folder && rm
              -rf /run-folder/* && cp -rp /run/* /run-folder
          securityContext:
            readOnlyRootFilesystem: true
          imagePullPolicy: IfNotPresent
          volumeMounts:
            - name: s6-folder-pvc
              mountPath: /s6-folder
            - name: etc-ssh-folder-pvc
              mountPath: /etc-ssh-folder
            - name: app-gitea-folder-pvc
              mountPath: /app-gitea-folder
            - name: run-folder-pvc
              mountPath: /run-folder
          terminationMessagePolicy: File
          image: >-
            cp.icr.io/cp/cp4a/demo/gitea@sha256:30540b7b97dd483f69a1a51d0bf0d5b8c0262a0d976658fe21469563aa2c007b
      serviceAccountName: ibm-cp4ba-anyuid
      schedulerName: default-scheduler
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: kubernetes.io/arch
                    operator: In
                    values:
                      - amd64
                      - s390x
                      - ppc64le
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 3
              preference:
                matchExpressions:
                  - key: kubernetes.io/arch
                    operator: In
                    values:
                      - amd64
                      - s390x
                      - ppc64le
      terminationGracePeriodSeconds: 30
      securityContext: {}
      containers:
        - resources:
            limits:
              cpu: 500m
              memory: 512Mi
            requests:
              cpu: 100m
              memory: 256Mi
          readinessProbe:
            httpGet:
              path: /
              port: 3000
              scheme: HTTPS
            initialDelaySeconds: 30
            timeoutSeconds: 5
            periodSeconds: 10
            successThreshold: 1
            failureThreshold: 3
          terminationMessagePath: /dev/termination-log
          name: icp4adeploy-gitea-deploy
          livenessProbe:
            httpGet:
              path: /
              port: 3000
              scheme: HTTPS
            initialDelaySeconds: 30
            timeoutSeconds: 5
            periodSeconds: 10
            successThreshold: 1
            failureThreshold: 3
          env:
            - name: USER_UID
              value: '1000'
            - name: USER_GID
              value: '1000'
            - name: DOMAIN
              value: gitea-demo.apps.kragon.eastus.aroapp.io
            - name: INSTALL_LOCK
              value: 'true'
          securityContext:
            readOnlyRootFilesystem: true
          ports:
            - name: https
              containerPort: 3000
              protocol: TCP
            - name: ssh
              containerPort: 22
              protocol: TCP
          imagePullPolicy: IfNotPresent
          volumeMounts:
            - name: gitea-data
              mountPath: /data
            - name: root-folder-pvc
              mountPath: /root
            - name: gitea-folder-pvc
              mountPath: /gitea
            - name: git-folder-pvc
              mountPath: /data/git
            - name: ssh-folder-pvc
              mountPath: /data/ssh
            - name: s6-folder-pvc
              mountPath: /etc/s6
            - name: etc-ssh-folder-pvc
              mountPath: /etc/ssh
            - name: app-gitea-folder-pvc
              mountPath: /app/gitea
            - name: run-folder-pvc
              mountPath: /run
          terminationMessagePolicy: File
          image: >-
            cp.icr.io/cp/cp4a/demo/gitea@sha256:30540b7b97dd483f69a1a51d0bf0d5b8c0262a0d976658fe21469563aa2c007b
      serviceAccount: ibm-cp4ba-anyuid
      volumes:
        - name: operator-shared-folder
          persistentVolumeClaim:
            claimName: operator-shared-pvc
        - name: gitea-data
          persistentVolumeClaim:
            claimName: gitea-filestore-pvc
        - name: rootcasecret
          secret:
            secretName: icp4adeploy-root-ca
            defaultMode: 420
        - name: tlssecret
          secret:
            secretName: icp4adeploy-prereq-ext-tls-secret
            defaultMode: 420
        - name: root-folder-pvc
          emptyDir: {}
        - name: gitea-folder-pvc
          emptyDir: {}
        - name: git-folder-pvc
          emptyDir: {}
        - name: ssh-folder-pvc
          emptyDir: {}
        - name: s6-folder-pvc
          emptyDir: {}
        - name: etc-ssh-folder-pvc
          emptyDir: {}
        - name: app-gitea-folder-pvc
          emptyDir: {}
        - name: run-folder-pvc
          emptyDir: {}
```
Could you pls let me know whether this is a configuration issue or Gitea has a limitation on supporting Azure file storage? I feel unless I remove the PVC, I can't make it work....
Gitea will not know the real file system after you mount. So I don't think this is a problem that can be resolved from the Gitea side. It should be a configuration problem.
Feature Description
I see https://github.com/go-gitea/gitea/issues/22527 about Azure Blob Storage, and this is about Azure File Storage support. I'm trying to deploy Gitea on ARO with Azure file storage. According to https://help.thorntech.com/docs/next/sftp-gateway-azure/azure-file-storage-mount/#caveats-and-limitations, with Azure file storage it is impossible to do chmod.
This is my app.ini, and I have a PVC mounted to `/data`:
The first issue I met is that the Gitea pod can't be started, with this error:
After some investigation I was able to fix it by adding the below to app.ini, because I mount `/data/git` as emptyDir, so changing permissions is fine in this folder:
But then I met another permission issue when trying to log in to Gitea from the UI:
And an error when trying to create an organization:
So unless we remove the PVC mount, it is impossible to use Azure file storage? Does Gitea support Azure file storage?
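A preflight probe for the situation in this thread, as an added example that is not part of the issue or of Gitea: run inside the container, it tells apart a path that is read-only (the `readOnlyRootFilesystem: true` case) from one that is writable but where chmod fails or has no effect (the Azure file storage limitation cited above). The function names and the `CHMOD` override are hypothetical, and both chmod outcomes are handled because the page does not say which one the mount produces.

```shell
#!/bin/sh
# Added example: classify how each mount path behaves for a process that
# needs to create files and change their mode.
# CHMOD is overridable only so the two chmod failure modes can be simulated
# on an ordinary filesystem (CHMOD=false: refused, CHMOD=true: silently ignored).
CHMOD=${CHMOD:-chmod}

# Permission string of a file, e.g. "-rw-r-----" (first 10 columns of ls -l).
mode_of() { ls -ld "$1" | cut -c1-10; }

# Prints one of: missing | read-only | chmod-denied | chmod-ignored | ok
probe_dir() {
    dir=$1
    [ -d "$dir" ] || { echo missing; return 0; }
    f="$dir/.probe.$$"
    # Cannot create a file at all: read-only root filesystem or read-only mount.
    if ! ( : > "$f" ) 2>/dev/null; then
        echo read-only; return 0
    fi
    result=ok
    # Apply two different modes and verify each one actually took effect,
    # so a mount that forces a fixed mode is not mistaken for a working chmod.
    for want in 600:-rw------- 640:-rw-r-----; do
        if ! $CHMOD "${want%%:*}" "$f" 2>/dev/null; then
            result=chmod-denied; break
        fi
        [ "$(mode_of "$f")" = "${want#*:}" ] || { result=chmod-ignored; break; }
    done
    rm -f "$f"
    echo "$result"
}

# One "path<TAB>verdict" line per argument.
probe_all() {
    for d in "$@"; do
        printf '%s\t%s\n' "$d" "$(probe_dir "$d")"
    done
}

# Example invocation with the mountPath values from the Deployment above:
#   sh probe.sh /data /data/git /data/ssh /etc/s6 /etc/ssh /app/gitea /run /root /gitea
if [ "$#" -gt 0 ]; then probe_all "$@"; fi
```

A `chmod-denied` or `chmod-ignored` verdict on the PVC-backed `/data` alongside `ok` on the emptyDir paths points at the storage mount rather than at the read-only root filesystem.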