nginx/docker-nginx

Issue with securityContext.readOnlyRootFilesystem=true in NGINX Docker Image (10-listen-on-ipv6-by-default.sh: info: can not modify /etc/nginx/conf.d/default.conf (read-only file system?))

Describe the bug

When setting securityContext.readOnlyRootFilesystem to true, we encounter an issue with the NGINX Docker image version 1.27.1. The following info log appears:

/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration

/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/

/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh

10-listen-on-ipv6-by-default.sh: info: can not modify /etc/nginx/conf.d/default.conf (read-only file system?)

To reproduce

Steps to reproduce the behavior:

  1. Deploy the NGINX Docker image version nginx:1.27.1.
  2. Set securityContext.readOnlyRootFilesystem to true.
  3. Check the logs for the issue.

Expected behavior

The securityContext.readOnlyRootFilesystem=true should not cause any issues or prevent the scripts in /docker-entrypoint.d/ from running as expected.

Your environment

  • NGINX Docker Image Version: nginx:1.27.1

  • Deployment Platform: Kubernetes

  • Version/release of Docker and method of installation (e.g. Docker Desktop / Docker Server)

  • Version/tag of the NGINX Docker image (e.g. nginx:alpine)

  • Target deployment platform (e.g. OpenShift / Kubernetes / Docker Compose / etc...)

Additional context

This issue seems related to the scripts in /docker-entrypoint.d/ trying to modify the filesystem, which is read-only when securityContext.readOnlyRootFilesystem=true is set.

Those scripts are there to modify the configuration files in the early runtime of a container, which is obviously impossible for a read-only filesystem.

How do you propose to change this behaviour?
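
One way to keep the root filesystem read-only while still giving the container a usable configuration, as an added example that is not from this issue or from the nginx/docker-nginx project: the server block, including the IPv6 listener, is supplied from a ConfigMap, so nothing has to be edited at startup. The names nginx-conf and nginx-ro are hypothetical, and the two emptyDir mounts assume that /var/cache/nginx and /var/run are the only paths this image writes to at runtime.

```yaml
# Added example: names are hypothetical, writable paths are an assumption.
apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-conf                 # hypothetical name
data:
  default.conf: |
    server {
      listen 80;
      listen [::]:80;              # IPv6 listener declared up front
      location / {
        root /usr/share/nginx/html;
        index index.html;
      }
    }
---
apiVersion: v1
kind: Pod
metadata:
  name: nginx-ro                   # hypothetical name
spec:
  containers:
    - name: nginx
      image: nginx:1.27.1
      securityContext:
        readOnlyRootFilesystem: true
        allowPrivilegeEscalation: false
      volumeMounts:
        - name: conf               # configuration stays read-only
          mountPath: /etc/nginx/conf.d
          readOnly: true
        - name: cache              # assumed writable path: temp/cache files
          mountPath: /var/cache/nginx
        - name: run                # assumed writable path: pid file
          mountPath: /var/run
  volumes:
    - name: conf
      configMap:
        name: nginx-conf
    - name: cache
      emptyDir: {}
    - name: run
      emptyDir: {}
```

The "can not modify" line from 10-listen-on-ipv6-by-default.sh can still be logged with this layout, since the ConfigMap mount is read-only as well; what changes is that the configuration no longer depends on that script editing the file.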