@dhirschfeld I’d like to understand this better, I think no matter what there is an action point for the Helm chart to either document this better or similar.
Background knowledge
- extraFiles work by mounting k8s Secret resources.
- An entry is added to the pod’s
volumes
- An entry is added to the container’s
volumeMounts
- The
volumeMounts
entry is not havingreadOnly
explicitly set, which make it default totrue
for a Secret I think. - The
volumeMounts
entry always havesubPath
specified, which makes the file only update during startup of the pod. - If it is functional in k8s at all to do this, we can absolutely support setting
readOnly
to false if it helps you get write permissions even though the changes won’t persist for that user specifically or any user until the next restart.
- An entry is added to the pod’s
Questions
- Can you describe if your volumeMount has
readOnly
explicitly set by inspection usingkubectl get pod <podname> -o yaml
? - Can you describe output of
ls -alh <path to a singleuser.extraFiles file that has been mounted>
? - Can you verify that it is the file itself that is readOnly, but not an entire folder or similar.