search

yetibot / yetibot-helm

⎈ Official Helm 3 Chart for Yetibot
https://yetibot.com/yetibot-helm/
4 stars 1 forks source link

readonlyfilesystem example makes pod fail #6

Closed KlavsKlavsen closed 3 years ago

KlavsKlavsen commented 3 years ago

I enabled the security settings given in values.yaml: https://github.com/yetibot/yetibot-helm/blob/master/charts/yetibot/values.yaml#L31

But docker image is not built to actually work with that :(

 mktemp: failed to create file via template ‘/tmp/lein-trampoline-XXXXXXXXXXXXX’: Read-only file system                                                                                                                                  
 java.lang.Exception: Couldn't create directories: /.lein                                                                                                                                                                                
  at leiningen.core.utils$mkdirs.invokeStatic (utils.clj:71)                                                                                                                                                                             
     leiningen.core.utils$mkdirs.invoke (utils.clj:67)                                                                                                                                                                                   
     leiningen.core.user$leiningen_home.invokeStatic (user.clj:28)                                                                                                                                                                       
     leiningen.core.user$leiningen_home.invoke (user.clj:22)                                                                                                                                                                             
     leiningen.core.user$fn__8140.invokeStatic (user.clj:34)                                                                                                                                                                             
     leiningen.core.user/fn (user.clj:33)                                                                                                                                                                                                
     clojure.lang.AFn.applyToHelper (AFn.java:152)                                                                                                                                                                                       
     clojure.lang.AFn.applyTo (AFn.java:144)                                                                                                                                                                                             
     clojure.core$apply.invokeStatic (core.clj:665)                                                                                                                                                                                      
     clojure.core$memoize$fn__6877.doInvoke (core.clj:6353)                                                                                                                                                                              
     clojure.lang.RestFn.invoke (RestFn.java:397)                                                                                                                                                                                        
     leiningen.core.main$_main$fn__7420.invoke (main.clj:445)                                                                                                                                                                            
     leiningen.core.main$_main.invokeStatic (main.clj:442)                                                                                                                                                                               
     leiningen.core.main$_main.doInvoke (main.clj:439)                                                                                                                                                                                   
     clojure.lang.RestFn.applyTo (RestFn.java:137)                                                                                                                                                                                       
     clojure.lang.Var.applyTo (Var.java:705)                                                                                                                                                                                             
     clojure.core$apply.invokeStatic (core.clj:665)                                                                                                                                                                                      
     clojure.main$main_opt.invokeStatic (main.clj:514)                                                                                                                                                                                   
     clojure.main$main_opt.invoke (main.clj:510)                                                                                                                                                                                         
     clojure.main$main.invokeStatic (main.clj:664)                                                                                                                                                                                       
     clojure.main$main.doInvoke (main.clj:616)                                                                                                                                                                                           
     clojure.lang.RestFn.applyTo (RestFn.java:137)                                                                                                                                                                                       
     clojure.lang.Var.applyTo (Var.java:705)                                                                                                                                                                                             
     clojure.main.main (main.java:40)                                                                                                                                                                                                    
 stream closed

and I remove that and just have the rest(don't run as root) - it complains instead that it can't crate /.lein (which it obviously can't as / is owned by root and only writable by root).

KlavsKlavsen commented 3 years ago

Since this is an issue in the Dockerfile - I've reported it here instead: https://github.com/yetibot/yetibot/issues/1069