-
Notifications
You must be signed in to change notification settings - Fork 24
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
mount volumes for tmp directories, apply best practice to sc #38
mount volumes for tmp directories, apply best practice to sc #38
Conversation
🦋 Changeset detectedLatest commit: 5b59709 The changes in this PR will be included in the next version bump. Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
893eac0
to
25bcde7
Compare
25bcde7
to
5dd885a
Compare
…context-and-tmp-directories
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM! Thanks for the extra debugging functionality
* mount volumes for tmp directories, apply best practice to sc * bump version * use safe sc for bundled apps (postgres, memcached) too * use read-only filesystem with mounted tmp volumes unless in development mode * revert version bump to let this be handled by changeset flow * amend dev readme * Create bright-students-eat.md --------- Co-authored-by: Oliver Günther <mail@oliverguenther.de>
/app/tmp
and/tmp
respectively to allow for read-only root file systems**
emptyDir
**
epheremal
volumeAt least on minikube both have problems with wrong permissions (world write access without sticky bit) which makes it unusable because Ruby will complain with the following.
Where
/app
is of course not writable and shouldn't be used to begin with.I'm looking into the issue and will try to reproduce it on my OpenShift cluster.
If it's an issue specific to minikube we may not have a problem.
Edit: it works fine on mz OpenShift cluster. So it might really just be a minikube bug.
Will try this on another cluster to confirm, though.