OpenShift non root policy: missing emptyDir when no pvc is enabled
antoinetran opened this issue · 1 comments
antoinetran commented
What version were you using?
nats helm chart 1.1.10
What environment was the server running in?
OpenShift , amd64
Is this defect reproducible?
Yes.
In a OpenShift cluster with non root policy.
- Deploy values:yaml as this
config:
jetstream:
enabled: true
fileStore:
enabled: true
pvc:
enabled: false
helm upgrade --install my-nats nats/nats --version 1.1.10 --namespace nats --values ./values.yaml
Given the capability you are leveraging, describe your expectation?
Helm chart deploys OK. nats pod deplomeny is OK.
Given the expectation, what is the defect you are observing?
nats pods deployment failed with logs:
kubectl -n nats logs my-nats-0
[40] 2024/04/26 18:15:07.716361 [INF] Starting JetStream
[40] 2024/04/26 18:15:07.716450 [FTL] Can't start JetStream: could not create storage directory - mkdir /data: permission denied
antoinetran commented
This is because of missing emptyDir in case no pvc is deployed. As a workaround, this merge works (but because the merge cannot merge list, there is a duplication below):
container:
merge:
volumeMounts:
# nats config
- name: config
mountPath: /etc/nats-config
# PID volume
- name: pid
mountPath: /var/run/nats
# Override
- mountPath: /data
name: js-data
podTemplate:
# merge or patch the pod template
# https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#pod-v1-core
merge:
spec:
volumes:
- configMap:
name: my-nats-config
name: config
- emptyDir: {}
name: pid
# Override
- emptyDir: {}
name: js-data