From 02b94e820304ec6f057ca57e846f47532cc3b48e Mon Sep 17 00:00:00 2001 From: Cian Johnston Date: Tue, 18 Apr 2023 10:06:59 +0100 Subject: [PATCH 1/2] chore(docs): update advice for cache dir --- docs/install/openshift.md | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/docs/install/openshift.md b/docs/install/openshift.md index e9081004e398f..4f00bfcceb28d 100644 --- a/docs/install/openshift.md +++ b/docs/install/openshift.md @@ -57,9 +57,10 @@ URL as a secret. Additionally, if accessing Coder over a hostname, set the `CODE value. By default, Coder creates the cache directory in `/home/coder/.cache`. Given the -OpenShift-provided UID, the Coder container does not have permission to write to -this directory. To fix this, set the `CODER_CACHE_DIRECTORY` environment variable -to `/tmp/coder-cache`. +OpenShift-provided UID and `readOnlyRootFS` security context constraint, the Coder +container does not have permission to write to this directory. +To fix this, you can mount a temporary volume in the pod and set +the `CODER_CACHE_DIRECTORY` environment variable to that location. Additionally, create the Coder service as a `ClusterIP`. In the next step, you will create an OpenShift route that points to the service HTTP target port. @@ -70,7 +71,7 @@ coder: type: ClusterIP env: - name: CODER_CACHE_DIRECTORY - value: /tmp/coder-cache + value: /cache - name: CODER_PG_CONNECTION_URL valueFrom: secretKeyRef: @@ -82,7 +83,15 @@ coder: runAsNonRoot: true runAsUser: runAsGroup: - readOnlyRootFilesystem: false + readOnlyRootFilesystem: true + volumes: + - name: "cache" + emptyDir: + sizeLimit: 500Mi + volumeMounts: + - name: "cache" + mountPath: "/cache" + readOnly: false ``` > Note: OpenShift provides a Developer Catalog offering you can use to From 8699d59005b5c5bd595485f38a3584da794f2f33 Mon Sep 17 00:00:00 2001 From: Cian Johnston Date: Tue, 18 Apr 2023 11:20:46 +0100 Subject: [PATCH 2/2] fixup! chore(docs): update advice for cache dir --- docs/install/openshift.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/install/openshift.md b/docs/install/openshift.md index 4f00bfcceb28d..253797944959b 100644 --- a/docs/install/openshift.md +++ b/docs/install/openshift.md @@ -85,13 +85,13 @@ coder: runAsGroup: readOnlyRootFilesystem: true volumes: - - name: "cache" - emptyDir: - sizeLimit: 500Mi + - name: "cache" + emptyDir: + sizeLimit: 500Mi volumeMounts: - - name: "cache" - mountPath: "/cache" - readOnly: false + - name: "cache" + mountPath: "/cache" + readOnly: false ``` > Note: OpenShift provides a Developer Catalog offering you can use to