-
Notifications
You must be signed in to change notification settings - Fork 8.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[bitnami/apache] htdocsConfigMap is incompatible with containerSecurityContext #25669
Labels
Comments
hybby
changed the title
htdocsConfigMap is incompatible with containerSecurityContext
[bitnami/apache 11.0.2] htdocsConfigMap is incompatible with containerSecurityContext
May 10, 2024
hybby
changed the title
[bitnami/apache 11.0.2] htdocsConfigMap is incompatible with containerSecurityContext
[bitnami/apache] htdocsConfigMap is incompatible with containerSecurityContext
May 10, 2024
A workaround to mount a configmap containing static HTTP file data while maintaining a read-only root filesystem is to use the extraVolumes:
- name: htdocs
configMap:
name: apache-http-content
extraVolumeMounts:
- mountPath: "/opt/bitnami/apache/htdocs"
name: htdocs |
4 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Name and Version
bitnami/apache 11.0.2
What architecture are you using?
arm64
What steps will reproduce the bug?
There is an option to overwrite the contents of the Apache htdocs directory with the contents of a configmap (
htdocsConfigMap
).When set, Apache containers fail to come up with:
This is due to this script in the container entrypoint:
https://github.com/bitnami/containers/blob/553a1efd8556e38d226a19dd2d2535cf9b08e756/bitnami/apache/2.4/debian-12/rootfs/opt/bitnami/scripts/apache/setup.sh#L76-L80
This conflicts with the default containerSecurityContext options:
Because setting
htdocsConfigMap
requires both writing to/opt/bitnami/apache/htdocs/
and interacting with files that have an ownership of root, both of the above must be set tofalse
for it to work.Is there another intended usage pattern meant for this setting, or should it be documented that its usage requires relaxation of the containerSecurityContext options?
Are you using any custom parameters or values?
Configuring
htdocsConfigMap
to the name of a configmap where it is unset by default.What is the expected behavior?
The configmap should be mounted to the htdocs directory successfully while containerSecurityContext should not need altered.
What do you see instead?
I get an error:
I need to configure the following for the configmap mounting to work:
The text was updated successfully, but these errors were encountered: