TechQA.

readOnlyRootFilesystem prevents my code from writing logs

2.5k views Asked by At

I added in my deployment readOnlyRootFilesystem: true but running my code ends with the following error:

OSError: [Errno30] Read-only file system: '/project/logs/dbt.log'

But /project/logs/dbt.log is NOT a root path.

Any idea why does it happen?

here's a more elaborated manifest I'm using:

spec:
  containers:
    .
    .
    .
    .     
    securityContext:
      capabilities:
        drop:
        - ALL
      privileged: false
      readOnlyRootFilesystem: true
      runAsNonRoot: true
    .
    .
    .
    .      
  securityContext:
    fsGroup: 2000
    runAsNonRoot: true
    runAsUser: 101
kubernetes filesystems security-context
Original Q&A
1

There are 1 answers

0
gohm'c On

You can mount a temporary volume (same lifespan as your pod) to avoid writing to root:

spec:
  volumes:
  - name: logs
    emptyDir: {}

  containers:
  .
  .
    securityContext:
      capabilities:
        drop:
        - ALL
      privileged: false
      readOnlyRootFilesystem: true
      runAsNonRoot: true
    volumeMounts:
    - name: logs
      mountPath: /project/logs

Related Questions in KUBERNETES

Related Questions in FILESYSTEMS

Related Questions in SECURITY-CONTEXT

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json

Trending Questions