nats-io / k8s

NATS on Kubernetes with Helm Charts
Apache License 2.0

natsbox doesn't work in openshift - can't cd to /root #858

Closed jaredmcqueen closed 5 months ago

jaredmcqueen commented 7 months ago

What version were you using?

natsio/nats-box:0.14.2-nonroot

What environment was the server running in?

RedHat OpenShift

Is this defect reproducible?

The Helm chart currently starts the natsbox deployment using:

      - args:
        - trap true INT TERM; sleep infinity & wait
        command:
        - sh
        - -ec
        - |
          work_dir="$(pwd)"
          mkdir -p "$XDG_CONFIG_HOME/nats"
          cd "$XDG_CONFIG_HOME/nats"
          if ! [ -s context ]; then
            ln -s /etc/nats-contexts context
          fi
          if ! [ -f context.txt ]; then
            echo -n "default" > context.txt
          fi
          # cd "$work_dir"  <-- this breaks openshift
          exec sh -ec "$0"

If I comment out that line it'll deploy. When I terminal into the container, my $(pwd) is /root as expected but the kicker is that I can't change directory into that path. Odd because I'm in that path. If I go back a folder, then try to go back to /root I get a permission denied. Take a look at the following:

/root
/root $ cd /root
sh: cd: can't cd to /root: Permission denied
/root $ cd .
sh: cd: can't cd to .: Permission denied
/root $ cd ..
~ $ cd root/
sh: cd: can't cd to root/: Permission denied

Given the capability you are leveraging, describe your expectation?

deployments to openshift without modifying the helm chart or commenting out the cd

Given the expectation, what is the defect you are observing?

permission denied

jaredmcqueen commented 7 months ago

FYI my working config to deploy this via custom values is:

natsBox:
  enabled: true
  container:
    image:
      tag: 0.14.2-nonroot
    merge:
      command:
        - sh
        - -ec
        - |
          work_dir="$(pwd)"
          mkdir -p "$XDG_CONFIG_HOME/nats"
          cd "$XDG_CONFIG_HOME/nats"
          if ! [ -s context ]; then
            ln -s /etc/nats-contexts context
          fi
          if ! [ -f context.txt ]; then
            echo -n "default" > context.txt
          fi
          exec sh -ec "$0"
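
A defensive variant of the entrypoint logic discussed in this thread, as an added example that is not part of the original comments and not the fix merged in nats-box or the chart: the setup runs in a subshell, so the shell never has to `cd` back into a directory it may not be allowed to enter. The function names `setup_nats_context` and `can_enter` are hypothetical; the `/etc/nats-contexts` default is taken from the command above.

```shell
#!/bin/sh
# Added example, not the chart's code.

# can_enter DIR
# Returns 0 only if the current user can actually chdir into DIR.
# $(pwd) can name a directory the user may not enter (as with /root in the
# transcript above), so probe in a subshell instead of trusting the path.
can_enter() {
  ( cd -- "$1" ) 2>/dev/null
}

# setup_nats_context CONFIG_HOME [CONTEXTS_DIR]
# Same steps as the entrypoint: create CONFIG_HOME/nats, link the contexts
# directory and write the default context name. Everything that changes
# directory happens inside ( ... ), so the caller's working directory is
# untouched and no `cd "$work_dir"` is needed afterwards.
setup_nats_context() {
  (
    config_home="$1"
    contexts_dir="${2:-/etc/nats-contexts}"
    # Explicit `|| exit` instead of `set -e`: errexit is ignored when the
    # function is called from `if` or `||`, which would hide failures.
    mkdir -p "$config_home/nats" || exit
    cd -- "$config_home/nats" || exit
    [ -s context ] || ln -s "$contexts_dir" context || exit
    [ -f context.txt ] || printf '%s' default > context.txt || exit
  )
}

# Usage in an entrypoint (sketch):
#   setup_nats_context "$XDG_CONFIG_HOME" || exit 1
#   can_enter "$(pwd)" || echo "warning: cannot re-enter $(pwd)" >&2
#   exec sh -ec "$0"
```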

sboulkour commented 5 months ago

@jaredmcqueen would you try with nats-box 0.14.3-nonroot? This MR should fix your issue: https://github.com/nats-io/nats-box/pull/66

caleblloyd commented 5 months ago

Should be fixed by #883