
I am deploying my application in a Kubernetes pod which is read-only in the cluster. Also, in `entrypoint.sh` I am starting the apache2 server using:

```
apachectl -D FOREGROUND
```

This is trying to create some folder in the read-only pod, resulting in this error:

```
mktemp: failed to create directory via template '/var/lock/apache2.XXXXXXXXXX': Read-only file system
chmod: missing operand after '755'
```

How can I avoid this? Please note that I have tried to create this tmp file at Docker image creation time and applied that image, and it is still giving the same error.

David Maze
T Ravi Theja

1 Answer


I don't think you can prevent Apache from creating this file. The DefaultRuntimeDir directive changes its location, but you can't prevent it from creating its lock file.

What you can do, though, is mount an emptyDir volume in your pod. This is temporary writable pod-local storage. That will let you create read-write "islands" within an otherwise read-only container filesystem.

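```yaml
# Fragment: metadata, selector and the container name are omitted.
apiVersion: apps/v1
kind: Deployment
spec:
  template:
    spec:
      volumes:
        # Temporary, pod-local, writable storage
        - name: apache-var-lock
          emptyDir: {}
      containers:
        - image: httpd
          volumeMounts:
            # Writable "island" over the otherwise read-only filesystem
            - name: apache-var-lock
              mountPath: /var/lock
```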
David Maze
  • Thanks @David Maze, I also finally reached the same conclusion, created a volume, mounted it and applied the deployment. I am getting an error like: "chown: changing ownership of '/var/lock/apache2.jcdXCEL6Fx': Operation not permitted". Do I need to give permissions to the mounted volume or something? – T Ravi Theja Apr 08 '22 at 13:42
  • If you explicitly specify the user ID in the pod spec, that will become the `emptyDir` volume's owner; see _e.g._ https://stackoverflow.com/a/64022263 – David Maze Apr 08 '22 at 14:02
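
A complete manifest combining the answer's `emptyDir` mount with an explicit user and group in the pod spec, as the last comment suggests. This is an added example, not code from the answer or its author. Assumptions: the names, the placeholder image, UID/GID 33 (`www-data` on Debian-based images), the extra `/var/run/apache2` mount, and an image that can start Apache as that user (for example by listening on an unprivileged port).

```yaml
# Added example: names, image, IDs and the second mount are assumptions.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: apache-readonly                 # hypothetical name
spec:
  replicas: 1
  selector:
    matchLabels:
      app: apache-readonly
  template:
    metadata:
      labels:
        app: apache-readonly
    spec:
      securityContext:
        runAsUser: 33                   # assumed: www-data in the image
        runAsGroup: 33
        fsGroup: 33                     # emptyDir volumes become group-owned by this GID
      volumes:
        - name: apache-var-lock
          emptyDir:
            sizeLimit: 16Mi             # cap what the writable island can hold
        - name: apache-var-run
          emptyDir:
            sizeLimit: 16Mi
      containers:
        - name: apache
          image: registry.example.com/my-apache:1.0   # placeholder image
          securityContext:
            readOnlyRootFilesystem: true              # everything else stays read-only
            allowPrivilegeEscalation: false
          volumeMounts:
            # An emptyDir starts empty on every pod start and hides whatever
            # the image contains at the mount path.
            - name: apache-var-lock
              mountPath: /var/lock
            - name: apache-var-run
              mountPath: /var/run/apache2             # assumed runtime directory
```

When the process already runs as the user it tries to `chown` to, the ownership change is a no-op and needs no extra capability.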