Handling File System Changes in Operator-based Installation
This guide explains how to manage file system operations in Digital.ai Release when using Operator-based installation. By default, containers run with read-only file systems for enhanced security. Learn how to configure various storage options including temporary storage, persistent volumes, and custom mounts to meet your application's needs while maintaining security best practices.
All containers in the Operator-based installation of Digital.ai Release are configured with:
readOnlyRootFilesystem: true- The file system is mounted as read-onlyrunAsNonRoot: true- The container runs as a non-root user
These settings enhance security by preventing unauthorized access and modifications to the file system.
The volume-permission containers that set mounted volume permissions run as root and can be removed after permission configuration.
Working with Release Pod Storage��
Release pods support two primary types of storage options: temporary storage using empty directories and persistent storage using volumes. Choose the appropriate storage type based on your data persistence requirements.
Empty Directory Mounts for Temporary Storage
The emptyDir volume provides temporary storage that exists for the pod's lifetime.
emptyDirPaths:
- /opt/xebialabs/xl-release-server/cache
- /opt/xebialabs/xl-release-server/conf
- /opt/xebialabs/xl-release-server/driver/jdbc
- /opt/xebialabs/xl-release-server/driver/mq
- /opt/xebialabs/xl-release-server/log
- /opt/xebialabs/xl-release-server/node-conf
- /opt/xebialabs/xl-release-server/plugins
- /opt/xebialabs/xl-release-server/work
- /tmp
Persistent Volume Mounts for Durable Storage
Persistent volumes provide storage that persists across pod restarts.
paths:
- /opt/xebialabs/xl-release-server/reports
Paths are mounted with ReadWriteMany access mode, enabling multiple Release pods to share the same volume simultaneously.
Configuring Custom Storage Solutions
In addition to the default storage options, you can configure custom storage solutions to meet specific requirements. These include persistent volume claims (PVC), empty directories, secrets, and ConfigMaps.
Mounting Custom PVC Volumes
extraVolumeMounts:
- name: extras
mountPath: /usr/share/extras
extraVolumes:
- name: extras
persistentVolumeClaim:
claimName: my-pvc
Mounting Empty Directory Volumes
extraVolumeMounts:
- name: extras
mountPath: /usr/share/extras
extraVolumes:
- name: extras
emptyDir: {}
Adding Files From Secrets
extraVolumeMounts:
- name: extras
mountPath: /usr/share/extras
readOnly: true
extraVolumes:
- name: extras
configMap:
name: load-definition
extraSecrets:
load-definition:
load_definition1.json: |
{
"example": "content"
}
load_definition2.json: |
{
"example": "content"
}
Adding Files From ConfigMaps
Create the ConfigMap containing your files before starting the Release pod.
extraVolumeMounts:
- name: extras
mountPath: /usr/share/extras
readOnly: true
extraVolumes:
- name: extras
configMap:
name: special-config