teableio / teable

✨ The Next Gen Airtable Alternative: No-Code Postgres
https://teable.io

Support for Read-Only Filesystems in Docker Image #1121

Open chrootlogin opened 2 days ago

chrootlogin commented 2 days ago

Description

When using the teable image (1.5.2 or latest) on Kubernetes with a read-only filesystem, the application fails to start due to a write operation attempting to save the openapi.json file to a location that is not writable.

Steps to Reproduce

  1. Deploy the teable image (1.5.2 or latest) in a Kubernetes environment.
  2. Set the container to use a read-only filesystem.
  3. Observe the logs during startup.

Error Logs

node:internal/fs/sync:78
  return binding.openSync(
                 ^

Error: EROFS: read-only file system, open '/app/apps/nestjs-backend/dist/openapi.json'
    at Object.open (node:internal/fs/sync:78:18)
    at Object.openSync (node:fs:565:17)
    at Object.writeFileSync (node:fs:2288:35)
    at setUpAppMiddleware (/app/apps/nestjs-backend/dist/index.js:49:22)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async bootstrap (/app/apps/nestjs-backend/dist/index.js:74:5)
    at async /app/apps/nestjs-backend/dist/index.js:44579:15 {
  errno: -30,
  code: 'EROFS',
  syscall: 'open',
  path: '/app/apps/nestjs-backend/dist/openapi.json'
}

Node.js v20.9.0

Expected Behavior

The application should write temporary or generated files to a writable location, such as /tmp, allowing compatibility with read-only filesystems.

Actual Behavior

The application attempts to write to /app/apps/nestjs-backend/dist/openapi.json, which is not writable when the filesystem is read-only, causing the application to crash.

Suggested Solution

Update the application to write all temporary or runtime-generated files (e.g., openapi.json) to a writable directory, such as /tmp, which is typically writable in read-only filesystem configurations.

Environment

Impact

This issue prevents the image from being used in environments where a read-only filesystem is a security or operational requirement, such as in Kubernetes deployments with strict policies.

Additional Context

Read-only filesystem support is a common requirement in containerized environments to enhance security. Allowing the application to handle temporary or runtime-generated files in a writable location like /tmp would make it compatible with such setups.

Request

Please modify the image or provide configuration options to support deployment with a read-only filesystem. Let me know if you need further details or testing.

Thank you for addressing this issue!
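
One way to implement the fallback requested above, as an added example that is not part of the original post and is not teable's code. `writeGeneratedFile`, `readOnlyAppFs` and `demo` are hypothetical names, and the read-only layer under /app is simulated (POSIX paths assumed) so the snippet runs outside a container.

```javascript
'use strict';
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Error codes that mean "this location is not writable", as opposed to a real bug.
const NOT_WRITABLE = new Set(['EROFS', 'EACCES', 'EPERM']);

/**
 * Write a runtime-generated file to the first writable directory in `dirs`.
 * Returns the path written, or null when no candidate is writable, so a
 * non-essential artifact never aborts startup. Hypothetical helper;
 * `writeFile` is injectable so the read-only case can be simulated.
 */
function writeGeneratedFile(fileName, contents, dirs, writeFile = fs.writeFileSync) {
  for (const dir of dirs) {
    const target = path.join(dir, fileName);
    try {
      // 0o600: the file may land in a shared directory such as /tmp.
      writeFile(target, contents, { mode: 0o600 });
      return target;
    } catch (err) {
      if (!NOT_WRITABLE.has(err.code)) throw err; // e.g. ENOSPC: surface it
    }
  }
  return null;
}

// Constructed stand-in for a read-only image layer: writes under /app fail
// with EROFS as in the log above; everything else hits the real filesystem.
function readOnlyAppFs(target, contents, options) {
  if (target.startsWith('/app/')) {
    const err = new Error(`EROFS: read-only file system, open '${target}'`);
    err.code = 'EROFS';
    throw err;
  }
  fs.writeFileSync(target, contents, options);
}

function demo() {
  // Private 0700 scratch directory under the OS temp dir (an emptyDir mount in a pod).
  const scratch = fs.mkdtempSync(path.join(os.tmpdir(), 'openapi-'));
  const spec = JSON.stringify({ openapi: '3.0.0', paths: {} }); // constructed sample
  const dirs = ['/app/apps/nestjs-backend/dist', scratch];
  return { scratch, written: writeGeneratedFile('openapi.json', spec, dirs, readOnlyAppFs) };
}
```

With a read-only root filesystem, /tmp itself is only writable if the pod mounts a volume there, which is why the helper returns null instead of throwing when every candidate fails.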

tea-artist commented 1 day ago

It is theoretically possible to avoid it, but it requires some extra effort. We'll see if there's a bigger impact.