Handling File System Changes in Operator-based Installation
This guide explains how to manage file system operations in Digital.ai Release when using Operator-based installation. By default, containers run with read-only file systems for enhanced security. Learn how to configure various storage options including temporary storage, persistent volumes, and custom mounts to meet your application's needs while maintaining security best practices.
All containers in the Operator-based installation of Digital.ai Release are configured with:
- readOnlyRootFilesystem: true - The file system is mounted as read-only
- runAsNonRoot: true - The container runs as a non-root user
These settings enhance security by preventing unauthorized access and modifications to the file system.
The volume-permission containers that set mounted volume permissions run as root and can be removed after permission configuration.
Working with Release Pod Storage
Release pods support two primary types of storage options: temporary storage using empty directories and persistent storage using volumes. Choose the appropriate storage type based on your data persistence requirements.
Empty Directory Mounts for Temporary Storage
The emptyDir volume provides temporary storage that exists for the pod's lifetime.
emptyDirPaths:
- /opt/xebialabs/xl-release-server/cache
- /opt/xebialabs/xl-release-server/conf
- /opt/xebialabs/xl-release-server/driver/jdbc
- /opt/xebialabs/xl-release-server/driver/mq
- /opt/xebialabs/xl-release-server/log
- /opt/xebialabs/xl-release-server/node-conf
- /opt/xebialabs/xl-release-server/plugins
- /opt/xebialabs/xl-release-server/work
- /tmp
Persistent Volume Mounts for Durable Storage
Persistent volumes provide storage that persists across pod restarts.
paths:
- /opt/xebialabs/xl-release-server/reports
Paths are mounted with ReadWriteMany access mode, enabling multiple Release pods to share the same volume simultaneously.
Configuring Custom Storage Solutions
In addition to the default storage options, you can configure custom storage solutions to meet specific requirements. These include persistent volume claims (PVC), empty directories, secrets, and ConfigMaps.
Mounting Custom PVC Volumes
extraVolumeMounts:
- name: extras
  mountPath: /usr/share/extras
extraVolumes:
- name: extras
  persistentVolumeClaim:
    claimName: my-pvc
Mounting Empty Directory Volumes
extraVolumeMounts:
- name: extras
  mountPath: /usr/share/extras
extraVolumes:
- name: extras
  emptyDir: {}
Adding Files From Secrets
extraVolumeMounts:
- name: extras
  mountPath: /usr/share/extras
  readOnly: true
extraVolumes:
- name: extras
  # Secret-backed volume; secretName matches the key defined under extraSecrets
  secret:
    secretName: load-definition
extraSecrets:
  load-definition:
    load_definition1.json: |
      {
        "example": "content"
      }
    load_definition2.json: |
      {
        "example": "content"
      }
Adding Files From ConfigMaps
Create the ConfigMap containing your files before starting the Release pod.
extraVolumeMounts:
- name: extras
  mountPath: /usr/share/extras
  readOnly: true
extraVolumes:
- name: extras
  configMap:
    name: special-config
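After adding custom mounts, it is worth confirming that the rendered pod still carries the hardening described at the top of this page. The following Python check is an added example, not part of the Digital.ai documentation or operator code; the sample manifest, the container names (including volume-permissions), and the audit_pod helper are constructed for illustration.

```python
import json

# Constructed sample: trimmed output of `kubectl get pod <release-pod> -o json`.
# Container names and the UID are assumptions for illustration.
SAMPLE_POD = json.loads("""
{"spec": {
  "securityContext": {"runAsNonRoot": true},
  "initContainers": [
    {"name": "volume-permissions",
     "securityContext": {"runAsUser": 0, "runAsNonRoot": false}}],
  "containers": [
    {"name": "release",
     "securityContext": {"readOnlyRootFilesystem": true},
     "volumeMounts": [
       {"name": "tmp", "mountPath": "/tmp"},
       {"name": "reports", "mountPath": "/opt/xebialabs/xl-release-server/reports"},
       {"name": "extras", "mountPath": "/usr/share/extras", "readOnly": true}]}]}}
""")

def audit_pod(pod):
    """Return (findings, writable_paths) for one pod manifest."""
    spec = pod["spec"]
    pod_sc = spec.get("securityContext") or {}
    findings, writable = [], []
    groups = (("initContainer", spec.get("initContainers", [])),
              ("container", spec.get("containers", [])))
    for kind, containers in groups:
        for c in containers:
            sc = c.get("securityContext") or {}
            # readOnlyRootFilesystem exists only at container level.
            if sc.get("readOnlyRootFilesystem") is not True:
                findings.append(f"{kind} {c['name']}: root filesystem is writable")
            # A container-level runAsNonRoot/runAsUser overrides the pod-level value.
            non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
            if non_root is not True or sc.get("runAsUser", pod_sc.get("runAsUser")) == 0:
                findings.append(f"{kind} {c['name']}: may run as root")
            # Mounts without readOnly: true are places the container may still write to.
            writable += [m["mountPath"] for m in c.get("volumeMounts", [])
                         if not m.get("readOnly", False)]
    return findings, sorted(set(writable))

if __name__ == "__main__":
    findings, writable = audit_pod(SAMPLE_POD)
    print("\n".join(findings) or "no findings")
    print("writable mounts:", ", ".join(writable))
```

On the sample, the only findings come from the root volume-permissions init container, which is the one the page says can be removed once permissions are configured.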