Add emptyDir volume for /usr/share/opensearch/config to keystore init container to support readOnlyRootFilesystem: true #951
Comments
Hi @DrissiReda. Does the exception you report happen in the keystore init container or in the main opensearch container?
Manually mounting an emptydir there works and that’s how I made it work. Then I removed the emptydir manually and registered the keystore as a secret mounted to the opensearch container. Didn’t get many issues afterwards.
@swoehrl-mw in case you consider doing it. Maybe also think about mentioning usage of keystore init container as a solution for readOnlyRootFilesystem: true
Should be rather easy to implement, for anyone who wants to tackle that: Extend the cluster builder to add an emptydir volume and mount it to the keystore init container at
What is the bug?
I get multiple errors linked to the read-only file system that I don't see how to circumvent
How can one reproduce the bug?
Deploy any cluster with securityContext.readOnlyRootFilesystem set to true.
What is the expected behavior?
I should be able to mount some paths as a R/W emptyDir where OpenSearch can create its files.
However, I cannot; for example, it tries to create an opensearch.keystore.tmp file in the /usr/share/opensearch/config path, but if I mount an emptyDir to that path, I lose the default configuration provided by the opensearch image.
The complete relevant log:
What is your host/environment?
Kubernetes v1.29.10 rk2
Opensearch version 2.17.0
Operator version 2.7.0
Do you have any screenshots?
Not needed as the problem is straightforward.
Do you have any additional context?
Unrelated maybe but I was unable to change log4j.properties to print all logs to console. If opensearch doesn't need to write logs to file, it doesn't need R/W access to /usr/share/opensearch/logs.
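A pre-deployment check for the failure reported in this issue, added here as an example and not taken from the operator's code: it lists containers that set readOnlyRootFilesystem: true but have no writable mount over a directory they must write to. The container and volume names, the `needs` mapping and the sample pod spec are constructed assumptions; only the config path comes from the thread.

```python
import posixpath

# Volume sources that Kubernetes always mounts read-only.
READ_ONLY_SOURCES = {"configMap", "secret", "downwardAPI", "projected"}
CONFIG = "/usr/share/opensearch/config"  # path named in the issue

def _covers(mount_path, target):
    """True if a directory mounted at mount_path contains target."""
    mount_path = posixpath.normpath(mount_path)
    return target == mount_path or target.startswith(mount_path.rstrip("/") + "/")

def unwritable(pod_spec, needs):
    """needs maps container name -> directories it must write to.
    Returns {container: [dirs with no writable mount]} for containers
    that set readOnlyRootFilesystem: true."""
    volumes = {v["name"]: v for v in pod_spec.get("volumes", [])}
    findings = {}
    for c in pod_spec.get("initContainers", []) + pod_spec.get("containers", []):
        if not c.get("securityContext", {}).get("readOnlyRootFilesystem"):
            continue  # writable root filesystem: nothing to check
        missing = []
        for path in map(posixpath.normpath, needs.get(c["name"], [])):
            covering = [m for m in c.get("volumeMounts", []) if _covers(m["mountPath"], path)]
            # The deepest mount shadows its parents and decides writability.
            mount = max(covering, key=lambda m: len(posixpath.normpath(m["mountPath"])), default=None)
            source = set(volumes.get(mount["name"], {})) - {"name"} if mount else set()
            if mount is None or mount.get("readOnly") or source & READ_ONLY_SOURCES:
                missing.append(path)
        if missing:
            findings[c["name"]] = missing
    return findings

def sample_pod(init_mounts):
    """Constructed pod spec; container and volume names are hypothetical."""
    ro = {"readOnlyRootFilesystem": True}
    return {
        "initContainers": [{"name": "keystore", "securityContext": ro, "volumeMounts": init_mounts}],
        "containers": [{"name": "opensearch", "securityContext": ro, "volumeMounts": [
            {"name": "keystore-secret", "mountPath": CONFIG + "/opensearch.keystore", "subPath": "opensearch.keystore"}]}],
        "volumes": [{"name": "keystore-secret", "secret": {"secretName": "os-keystore"}},
                    {"name": "keystore-scratch", "emptyDir": {}}],
    }

# Assumption from the thread: the init container creates opensearch.keystore.tmp in CONFIG.
NEEDS = {"keystore": [CONFIG]}
before = unwritable(sample_pod([]), NEEDS)
after = unwritable(sample_pod([{"name": "keystore-scratch", "mountPath": CONFIG}]), NEEDS)
print(before, after)
```

The emptyDir is mounted only in the init container, so the main container still sees the image's default configuration, and its single-file secret mount does not count as making the config directory writable.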