K8SSAND-1827 ⁃ root-less container and folder metrics-collector not writable by group root

[albundy83]

Hello, start this line: https://github.com/k8ssandra/management-api-for-apache-cassandra/blob/d94ac7940420106a859640dffb6e5aedad27e691/scripts/docker-entrypoint.sh#L97

and all lines that involve modifying ${MCAC_PATH}/config/metric-collector.yaml does not work. I have the following error message:

/docker-entrypoint.sh: line 97: /opt/metrics-collector/config/metric-collector.yaml: Permission denied

It's a correct error as the folder /opt/metrics-collector/config is not writable by group root. A simple chmod -R g=u ${MCAC_PATH}/config could fix the issue.

Another problem is the fact that modifying files that are part of the original layers prevent from running the container with:

readOnlyRootFilesystem: true

So maybe, later you could imagine to move this file elsewhere or simply create a volume emptyDir for example.

Thanks a lot for your great job :)

┆Issue is synchronized with this Jira Task by Unito ┆friendlyId: K8SSAND-1827 ┆priority: Medium

[albundy83]

My last comment is more related to the usage in Kubernetes or OpenShift of course :)

[jsanda]

Thanks for creating the issue. I actually did some work a while back to support using a read-only root file system. It's at https://github.com/k8ssandra/cass-operator/pull/218. We are definitely going to revisit this in the near future.

[burmanm]

@emerkle826 Wasn't this fixed..?

[emerkle826]

As of v0.1.63 of the Management API images, I believe this issue should now be resolved. Sorry it took so long to get to, but the images used should have permissions fixed. If you use these newer images and still have permissions issues, please open a new ticket with any details.