-
Notifications
You must be signed in to change notification settings - Fork 55
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Pebble silently fails on a readOnlyRootFilesystem
#462
Comments
I am concerned that it fails/hangs silently at startup. That's definitely problematic, and we can look into that (probably next week). It should fail loudly, or at the very least log an error. In terms of the readonly issue, Pebble does need a non-readonly directory to write the state file into. Can you set the |
I've confirmed that we're hanging silently on startup when writing the state file fails (one can reproduce this easily by modifying |
Thank you for triaging the issue @benhoyt One possible workaround would be to mount an |
I've provided a quick fix to check if the state dir is writable before creating the backend. Here are some of my other thoughts coming from debugging this issue:
So, I did not add any checks on the last point. Please review the PR @benhoyt. |
Hello,
Kubernetes has a
securityContext
option calledreadOnlyRootFilesystem
that makes a container's filesystem read-only. In this scenario, Pebble tries to create some state like/var/lib/pebble/default/.pebble.state.2NLvJGDxF8jn~
and silently fails/hangs at startup. The container reports as running, and no logs indicating an error are communicated back(since I assume pebble couldn't start properly).A good number of projects on Kubernetes make use of this option by default in their manifests/helm charts. This is a pain point in the drop-in docker image replacement story of rocks. We are currently trying to work around this by disabling this option, which might not be accepted/appreciated by users.
Your help is much appreciated, thank you!
cc: @cjdcordeiro
The text was updated successfully, but these errors were encountered: