-
-
Notifications
You must be signed in to change notification settings - Fork 231
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cookie not writeable when readOnlyRootFilesystem: true #243
Comments
I'm not into Erlang unfortunately but as far as I read, I guess that the cookie is always written to the home folder of the current user. |
Ok I guess I could fix that on my site with: Dockerfile
Entrypoint script
|
alwinmark
pushed a commit
to alwinmark/docker-vernemq
that referenced
this issue
Sep 29, 2020
Therefore moved home directory into data volume and fix right of Erlang Cookie in case of reclaiming a volume on kubernetes. fixes: vernemq#243
hsudbrock
pushed a commit
to hsudbrock/docker-vernemq
that referenced
this issue
Feb 26, 2024
Therefore moved home directory into data volume and fix right of Erlang Cookie in case of reclaiming a volume on kubernetes. fixes: vernemq#243
hsudbrock
pushed a commit
to hsudbrock/docker-vernemq
that referenced
this issue
Feb 26, 2024
Therefore moved home directory into data volume and fix right of Erlang Cookie in case of reclaiming a volume on kubernetes. fixes: vernemq#243
ioolkos
pushed a commit
to alwinmark/docker-vernemq
that referenced
this issue
Apr 28, 2024
Therefore moved home directory into data volume and fix right of Erlang Cookie in case of reclaiming a volume on kubernetes. fixes: vernemq#243
ioolkos
pushed a commit
to alwinmark/docker-vernemq
that referenced
this issue
Apr 28, 2024
Therefore moved home directory into data volume and fix right of Erlang Cookie in case of reclaiming a volume on kubernetes. fixes: vernemq#243
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Background
In order to be able to install vernemq on a production grade security enhanced Kubernetes Cluster with Pod Security Policies enabled, VerneMQ should run with the least privileges possible.
Especially when VerneMQ is public available which might be case in most cases when it comes down to IoT Devices.
Setup:
As as a security aware Developer/Operation Engineer you want a default PSP like:
When one installs now vernemq:
Expected Behaviour
Everything should come up and:
should print everything is fine.
Actual Behaviour
Proposal
In order to fix that, data generated or changed during Runtime of a Container should not be placed into the same folder as the static compiled/backed stuff.
One possible Solution could be moving the Erlang Cookie into the /vernemq/data directory.
Another one would be moving it into an own Volume and add that at least to the Helm Chart as emptyDir.
The text was updated successfully, but these errors were encountered: