fleet icon indicating copy to clipboard operation
fleet copied to clipboard
verified publisher icon fleetdm

Helm Chart: /tmp is read only

Open ololdach opened this issue 3 years ago • 0 comments

Fleet version: 4.17.0 Chart 4.17.0 Operating system: k3s v1.21.11+k3s1 Web browser: n/a

🧑‍💻  Expected behavior

I expected the default installation to work out of the box.

💥  Actual behavior

I found that the vulnerabilities won't fetch the CPE mappings and that getting the CVEs doesnt't work either. Neither for windows, linux nor macOS.

More info

Investigation revealed that the root cause is that the default path used to download the databases: /tmp/* is read-only. I suggest to include at least an emptyDir mount in the deployment.yaml helm template, making /tmp read-write: spec: volumeMounts: - mountPath: /tmp name: fleet-data volumes: - emptyDir: sizeLimit: 20Gi name: fleet-data

Ultimatively it would be great to include a persistence: section in values that, would allow to set the name of an existing persistentVolumeClaim resulting in a deployment.yaml like this: {{ if eq .Values.fleet.persistence.existingClaim "" }} - emptyDir: sizeLimit: "{{ .Values.fleet.persistence.volumeSize }}" name: fleet-data {{ else }} - name: fleet-data persistentVolumeClaim: claimName: "{{ .Values.fleet.persistence.existingClaim }}" {{ end }}

ololdach avatar Aug 01 '22 06:08 ololdach