search

jenkinsci / helm-charts

Jenkins helm charts
https://artifacthub.io/packages/helm/jenkinsci/jenkins
Apache License 2.0
569 stars 892 forks source link

init container gives java.nio.file.FileSystemException: /.cache: Read-only file system #1176

Closed f-w closed 1 month ago

f-w commented 2 months ago

Describe the bug

Our OpenShift env doesn't allow run as user 1000. usePodSecurityContext has no effect on init container. I have to override following values

jenkins:
  controller:
    usePodSecurityContext: false
    podSecurityContextOverride:
      runAsGroup: 1010380000
      runAsUser: 1010380000
    containerSecurityContext:
      runAsGroup: 1010380000
      runAsUser: 1010380000

Version of Helm and Kubernetes

- Helm: version.BuildInfo{Version:"v3.13.2", GitCommit:"2a2fb3b98829f1e0be6fb18af2f6599e0f4e8243", GitTreeState:"clean", GoVersion:"go1.20.10"}
- Kubernetes: v1.26.13+77e61a2

Chart version

5.5.8

What happened?

init container throws exception
`java.nio.file.FileSystemException: /.cache: Read-only file system`

What you expected to happen?

no error

How to reproduce it

No response

Anything else we need to know?

No response

jonesbusy commented 1 month ago

Duplicate of https://github.com/jenkinsci/helm-charts/issues/506

I confirm the chart works on Openshift/OKD if you let the cluster manage the security context

This is due to the plugin installation manager tool.

You need to ensure to move the cache to a writable location

  initContainerEnv:
    - name: CACHE_DIR
      value: "/tmp/cache"
    - name: PLUGIN_DIR
      value: "/tmp/plugins"