Version: Early Access

Handling File System Changes in Operator-based Installation

This guide explains how to manage file system modifications in a Digital.ai Deploy Operator-based installation, including security configurations, volume mounting options, and best practices for handling storage requirements.

Security Configuration

All containers in the Operator-based installation of Digital.ai Deploy are configured with enhanced security settings:

  • readOnlyRootFilesystem: true - Mounts the container's root file system as read-only
  • runAsNonRoot: true - Ensures containers run as non-root users

These settings help prevent unauthorized access and file system modifications.

Exception

Volume-permission containers are exempt from the runAsNonRoot restriction as they need root access to set mounted volume permissions. These containers can be safely removed after permission setup.

The following sections describe various approaches to configure volumes for master and worker nodes. While the configuration prefix differs between them, the underlying concepts remain the same.

Temporary Storage With EmptyDir Mounts

EmptyDir volumes provide temporary storage that exists only during the pod's lifetime. These volumes are created when a pod starts and are removed when it terminates.

Default EmptyDir Configurations

Use the emptyDirPaths parameter to specify paths that should be mounted as empty directories:

  centralConfiguration:
    emptyDirPaths:
      - /tmp
      - /opt/xebialabs/central-configuration-server/centralConfiguration
      - /opt/xebialabs/central-configuration-server/conf
      - /opt/xebialabs/central-configuration-server/log
  master:
    emptyDirPaths:
      - /opt/xebialabs/xl-deploy-server/artifacts
      - /opt/xebialabs/xl-deploy-server/cache
      - /opt/xebialabs/xl-deploy-server/centralConfiguration
      - /opt/xebialabs/xl-deploy-server/conf
      - /opt/xebialabs/xl-deploy-server/driver/jdbc
      - /opt/xebialabs/xl-deploy-server/driver/mq
      - /opt/xebialabs/xl-deploy-server/export
      - /opt/xebialabs/xl-deploy-server/log
      - /opt/xebialabs/xl-deploy-server/node-conf
      - /opt/xebialabs/xl-deploy-server/plugins
      - /tmp
  worker:
    emptyDirPaths:
      - /opt/xebialabs/deploy-task-engine/cache
      - /opt/xebialabs/deploy-task-engine/conf
      - /opt/xebialabs/deploy-task-engine/driver/jdbc
      - /opt/xebialabs/deploy-task-engine/driver/mq
      - /opt/xebialabs/deploy-task-engine/export
      - /opt/xebialabs/deploy-task-engine/log
      - /opt/xebialabs/deploy-task-engine/node-conf
      - /opt/xebialabs/deploy-task-engine/plugins
      - /tmp
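
A check for the settings described above, as an added example that is not part of the Digital.ai documentation or product code: it audits a pod manifest (as returned by `kubectl get pod <name> -o json`) for the two security settings and confirms that each path the application must write to sits on a writable volume mount. The exempt container name `volume-permissions`, the function names and the sample pod are assumptions constructed for illustration.

```python
import json
from pathlib import PurePosixPath

def has_writable_mount(path, mounts):
    """True if `path` is at or below a volume mount that is not read-only."""
    target = PurePosixPath(path)
    for m in mounts:
        mount = PurePosixPath(m["mountPath"])
        if not m.get("readOnly", False) and (target == mount or mount in target.parents):
            return True
    return False

def audit_pod(pod, writable_paths, exempt=("volume-permissions",)):
    """Return (container, problem) pairs; the `exempt` name is an assumption."""
    spec, findings = pod["spec"], []
    pod_non_root = spec.get("securityContext", {}).get("runAsNonRoot", False)
    for kind in ("initContainers", "containers"):
        for c in spec.get(kind, []):
            sc = c.get("securityContext", {})
            if not sc.get("readOnlyRootFilesystem", False):
                findings.append((c["name"], "root file system is writable"))
            # Container-level runAsNonRoot overrides the pod-level default.
            if c["name"] not in exempt and not sc.get("runAsNonRoot", pod_non_root):
                findings.append((c["name"], "runAsNonRoot is not enforced"))
            if kind == "containers":  # write paths matter for the long-running containers
                for path in writable_paths:
                    if not has_writable_mount(path, c.get("volumeMounts", [])):
                        findings.append((c["name"], f"no writable mount for {path}"))
    return findings

# Constructed sample, shaped like `kubectl get pod <name> -o json` output.
SAMPLE_POD = json.loads("""
{"spec": {
  "initContainers": [
    {"name": "volume-permissions",
     "securityContext": {"runAsUser": 0, "readOnlyRootFilesystem": true}}],
  "containers": [
    {"name": "master",
     "securityContext": {"readOnlyRootFilesystem": true, "runAsNonRoot": true},
     "volumeMounts": [
       {"name": "tmp", "mountPath": "/tmp"},
       {"name": "conf", "mountPath": "/opt/xebialabs/xl-deploy-server/conf"},
       {"name": "extras", "mountPath": "/usr/share/extras", "readOnly": true}]}]}}
""")
SAMPLE_PATHS = ["/tmp", "/opt/xebialabs/xl-deploy-server/conf",
                "/opt/xebialabs/xl-deploy-server/log", "/usr/share/extras"]

if __name__ == "__main__":
    for name, problem in audit_pod(SAMPLE_POD, SAMPLE_PATHS):
        print(f"{name}: {problem}")
```

With a read-only root file system, any path reported as lacking a writable mount will fail on the first write, so the list of findings doubles as the list of paths to add under emptyDirPaths, paths or extraVolumeMounts.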

Persistent Storage Configuration

Persistent volumes provide durable storage that persists across pod restarts. This storage remains until the persistent volume claim is explicitly deleted.

Default Persistent Volume Paths

Configure persistent storage using the paths parameter:

  centralConfiguration:
    paths: []
  master:
    paths:
      - /opt/xebialabs/deploy-task-engine/work
  worker:
    paths:
      - /opt/xebialabs/deploy-task-engine/work

Tip: Persistent volumes use ReadWriteOnce access mode, allowing multiple Deploy pods to share the same volume and access files concurrently.

Custom Volume Configurations

Digital.ai Deploy supports several methods for configuring custom volumes to meet specific storage and access requirements for your deployment.

Available Configuration Parameters

To mount custom volumes, use these parameters:

  • extraVolumeMounts: Defines additional volume mount points
  • extraVolumes: Specifies additional volume definitions
  • extraSecrets: Configures secret-based volumes

Custom PVC Mount Example

  centralConfiguration: # OR master: OR worker:
    extraVolumeMounts:
      - name: extras
        mountPath: /usr/share/extras
    extraVolumes:
      - name: extras
        persistentVolumeClaim:
          claimName: my-pvc

Custom EmptyDir Mount Example

  centralConfiguration: # OR master: OR worker:
    extraVolumeMounts:
      - name: extras
        mountPath: /usr/share/extras
    extraVolumes:
      - name: extras
        emptyDir: {}

Custom Files From Secret Example

  centralConfiguration: # OR master: OR worker:
    extraVolumeMounts:
      - name: extras
        mountPath: /usr/share/extras
        readOnly: true
    extraVolumes:
      - name: extras
        secret:
          secretName: load-definition # the Secret defined under extraSecrets
    extraSecrets:
      load-definition:
        load_definition1.json: |
          {
          ...
          }
        load_definition2.json: |
          {
          ...
          }

Custom Files From ConfigMap Example

  centralConfiguration: # OR master: OR worker:
    extraVolumeMounts:
      - name: extras
        mountPath: /usr/share/extras
        readOnly: true
    extraVolumes:
      - name: extras
        configMap:
          name: special-config