Configuring Read Only root filesystem in SecurityContext #6725

opsocomusr · 2022-04-22T15:07:36Z

opsocomusr
Apr 22, 2022

Does Strimzi support running the pods withreadOnlyRootFilesystem? We are getting the below error if we try to add this config in the CRD.

 template:
      pod:
        securityContext:
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          runAsUser: 1001

error validating data: ValidationError(Kafka.spec.kafka.template.pod.securityContext): unknown field "readOnlyRootFilesystem" in io.strimzi.kafka.v1beta2.Kafka.spec.kafka.template.pod.securityContext; if you choose to ignore these errors, turn validation off with --validate=false

Will there be any change in pod's behaviour for the other 2 configs (runAsNonRoot and runAsUser) mentioned in the securityContext?

scholzj · 2022-04-22T15:43:13Z

scholzj
Apr 22, 2022
Maintainer

You are configuring it incorrectly. This is (on Kubernetes level) not supported in Pod Security Context, only in Container Security Context. So you need to configure it in different place in the template. The Kafka Connect Build does nto work with read-only file system. The rest should work fine.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Strimzi

Configuring Read Only root filesystem in SecurityContext #6725

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Strimzi

Configuring Read Only root filesystem in SecurityContext #6725

Uh oh!

Uh oh!

opsocomusr Apr 22, 2022

Replies: 1 comment

Uh oh!

scholzj Apr 22, 2022 Maintainer

opsocomusr
Apr 22, 2022

scholzj
Apr 22, 2022
Maintainer