OpenShift non root policy: missing emptyDir when no pvc is enabled

[antoinetran]

What version were you using?

nats helm chart 1.1.10

What environment was the server running in?

OpenShift , amd64

Is this defect reproducible?

Yes.
In a OpenShift cluster with non root policy.

1. Deploy values:yaml as this

config:
  jetstream:
    enabled: true
    fileStore:
      enabled: true
      pvc:
        enabled: false

helm upgrade --install my-nats nats/nats --version 1.1.10 --namespace nats --values ./values.yaml

Given the capability you are leveraging, describe your expectation?

Helm chart deploys OK. nats pod deplomeny is OK.

Given the expectation, what is the defect you are observing?

nats pods deployment failed with logs:

kubectl -n nats logs my-nats-0
[40] 2024/04/26 18:15:07.716361 [INF] Starting JetStream
[40] 2024/04/26 18:15:07.716450 [FTL] Can't start JetStream: could not create storage directory - mkdir /data: permission denied

[antoinetran]

This is because of missing emptyDir in case no pvc is deployed. As a workaround, this merge works (but because the merge cannot merge list, there is a duplication below):

container:
  merge:
    volumeMounts:
      # nats config
      - name: config
        mountPath: /etc/nats-config
      # PID volume
      - name: pid
        mountPath: /var/run/nats
      # Override
      - mountPath: /data
        name: js-data
podTemplate:
  # merge or patch the pod template
  # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#pod-v1-core
  merge:
   spec:
      volumes:
        - configMap:
            name: my-nats-config
          name: config
        - emptyDir: {}
          name: pid
        # Override
        - emptyDir: {}
          name: js-data