k8s icon indicating copy to clipboard operation
k8s copied to clipboard
verified publisher icon nats-io

natsbox doesn't work in openshift - can't cd to /root

Open jaredmcqueen opened this issue 1 year ago • 1 comments

What version were you using?

natsio/nats-box:0.14.2-nonroot

What environment was the server running in?

RedHat OpenShift

Is this defect reproducible?

the helm chart currently starts the natsbox deployment using:

      - args:
        - trap true INT TERM; sleep infinity & wait
        command:
        - sh
        - -ec
        - |
          work_dir="$(pwd)"
          mkdir -p "$XDG_CONFIG_HOME/nats"
          cd "$XDG_CONFIG_HOME/nats"
          if ! [ -s context ]; then
            ln -s /etc/nats-contexts context
          fi
          if ! [ -f context.txt ]; then
            echo -n "default" > context.txt
          fi
              # cd "$work_dir". <-- this breaks openshift
          exec sh -ec "$0"

If I comment out that line it'll deploy. When I terminal into the container, my $(pwd) is /root as expected but the kicker is that I can't change directory into that path. Odd because I'm in that path. If I go back a folder, then try to go back to /root I get a permission denied. Take a look at the following:

/root
/root $ cd /root
sh: cd: can't cd to /root: Permission denied
/root $ cd .
sh: cd: can't cd to .: Permission denied
/root $ cd ..
~ $ cd root/
sh: cd: can't cd to root/: Permission denied

Given the capability you are leveraging, describe your expectation?

deployments to openshift without modifying the helm chart or commenting out the cd

Given the expectation, what is the defect you are observing?

permission denied

jaredmcqueen avatar Jan 18 '24 15:01 jaredmcqueen

FYI my working config to deploy this via custom values is:

natsBox:
  enabled: true
  container:
    image:
      tag: 0.14.2-nonroot
    merge:
      command:
        - sh
        - -ec
        - |
          work_dir="$(pwd)"
          mkdir -p "$XDG_CONFIG_HOME/nats"
          cd "$XDG_CONFIG_HOME/nats"
          if ! [ -s context ]; then
            ln -s /etc/nats-contexts context
          fi
          if ! [ -f context.txt ]; then
            echo -n "default" > context.txt
          fi
          exec sh -ec "$0"

jaredmcqueen avatar Jan 18 '24 15:01 jaredmcqueen

@jaredmcqueen would you try with nats-box 0.14.3-nonroot ? This MR should fix your issue : https://github.com/nats-io/nats-box/pull/66

sboulkour avatar Apr 08 '24 13:04 sboulkour

Should be fixed by #883

caleblloyd avatar Apr 11 '24 13:04 caleblloyd

This is happening for me on v1.2.10, even with non-root.

I am getting the following error: mkdir: can't create directory '/nsc/.config/': Permission denied

swelborn avatar Feb 12 '25 21:02 swelborn

https://github.com/nats-io/k8s/issues/904#issuecomment-2195303053

This config solves the above^

swelborn avatar Feb 12 '25 21:02 swelborn