Closed KlavsKlavsen closed 3 years ago
I enabled the security settings given in values.yaml: https://github.com/yetibot/yetibot-helm/blob/master/charts/yetibot/values.yaml#L31
But docker image is not built to actually work with that :(
mktemp: failed to create file via template ‘/tmp/lein-trampoline-XXXXXXXXXXXXX’: Read-only file system java.lang.Exception: Couldn't create directories: /.lein at leiningen.core.utils$mkdirs.invokeStatic (utils.clj:71) leiningen.core.utils$mkdirs.invoke (utils.clj:67) leiningen.core.user$leiningen_home.invokeStatic (user.clj:28) leiningen.core.user$leiningen_home.invoke (user.clj:22) leiningen.core.user$fn__8140.invokeStatic (user.clj:34) leiningen.core.user/fn (user.clj:33) clojure.lang.AFn.applyToHelper (AFn.java:152) clojure.lang.AFn.applyTo (AFn.java:144) clojure.core$apply.invokeStatic (core.clj:665) clojure.core$memoize$fn__6877.doInvoke (core.clj:6353) clojure.lang.RestFn.invoke (RestFn.java:397) leiningen.core.main$_main$fn__7420.invoke (main.clj:445) leiningen.core.main$_main.invokeStatic (main.clj:442) leiningen.core.main$_main.doInvoke (main.clj:439) clojure.lang.RestFn.applyTo (RestFn.java:137) clojure.lang.Var.applyTo (Var.java:705) clojure.core$apply.invokeStatic (core.clj:665) clojure.main$main_opt.invokeStatic (main.clj:514) clojure.main$main_opt.invoke (main.clj:510) clojure.main$main.invokeStatic (main.clj:664) clojure.main$main.doInvoke (main.clj:616) clojure.lang.RestFn.applyTo (RestFn.java:137) clojure.lang.Var.applyTo (Var.java:705) clojure.main.main (main.java:40) stream closed
and I remove that and just have the rest(don't run as root) - it complains instead that it can't crate /.lein (which it obviously can't as / is owned by root and only writable by root).
Since this is an issue in the Dockerfile - I've reported it here instead: https://github.com/yetibot/yetibot/issues/1069
I enabled the security settings given in values.yaml: https://github.com/yetibot/yetibot-helm/blob/master/charts/yetibot/values.yaml#L31
But docker image is not built to actually work with that :(
and I remove that and just have the rest(don't run as root) - it complains instead that it can't crate /.lein (which it obviously can't as / is owned by root and only writable by root).