You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We have a company-wide sec. requirement to run containers in k8s with a read only fs (We run it there for dev purposes only).
We have been able to implement that by building an own image that moves /etc/mqm/ to /config/mqm and then mounts a tmpdir to /etc/mqm at runtime and copying back from `/config.
Also a lot of mounts have been found out by trail&error:
I would suggest to make running with r/o rootfs simpler.
For example it would be easier if input files (.tpl) would be stored in /usr/share, so that runmqdevserver would start with an empty /etc/mqm.
Also maybe the documentation should be improved by specifying which folders have to be read-only and/or improving the error messages by showing which file is problematic.
The text was updated successfully, but these errors were encountered:
We have a company-wide sec. requirement to run containers in k8s with a read only fs (We run it there for dev purposes only).
We have been able to implement that by building an own image that moves
/etc/mqm/
to/config/mqm
and then mounts a tmpdir to/etc/mqm
at runtime and copying back from `/config.Also a lot of mounts have been found out by trail&error:
I would suggest to make running with r/o rootfs simpler.
For example it would be easier if input files (
.tpl
) would be stored in/usr/share
, so thatrunmqdevserver
would start with an empty/etc/mqm
.Also maybe the documentation should be improved by specifying which folders have to be read-only and/or improving the error messages by showing which file is problematic.
The text was updated successfully, but these errors were encountered: