vm := &apiv1.VolumeMount{
Name: ringSecretName,
MountPath: "/hab/cache/keys",
// This directory cannot be made read-only, as the supervisor writes to
// it during its operation.
ReadOnly: false,
}
This hits me in #351 as well since hab can't change the directory permissions on a read-only volume mount. The suggested workaround is an initContainer combined with a emptyDir Volume
IIUC, This should be taken care by the operator. Operator should detect such changes and update the secret in k8s accordingly and then the secret is updated in all the pods that has it mounted.
The code at https://github.com/habitat-sh/habitat-operator/blob/master/pkg/controller/v1beta2/stateful_sets.go#L269-L275 :+1:
wont work anymore due to the
ReadOnly: false
option being silently ignored since 1.9.6. See https://github.com/kubernetes/kubernetes/issues/62099.This hits me in #351 as well since hab can't change the directory permissions on a read-only volume mount. The suggested workaround is an
initContainer
combined with aemptyDir
Volume