Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support for Read-Only Filesystems in Docker Image #1121

Open
chrootlogin opened this issue Dec 1, 2024 · 1 comment
Open

Support for Read-Only Filesystems in Docker Image #1121

chrootlogin opened this issue Dec 1, 2024 · 1 comment
Labels
enhancement New feature or request

Comments

@chrootlogin
Copy link

Description

When using the teable image (1.5.2 or latest) on Kubernetes with a read-only filesystem, the application fails to start due to a write operation attempting to save the openapi.json file to a location that is not writable.

Steps to Reproduce

  1. Deploy the teable image (1.5.2 or latest) in a Kubernetes environment.
  2. Set the container to use a read-only filesystem.
  3. Observe the logs during startup.

Error Logs

node:internal/fs/sync:78
  return binding.openSync(
                 ^

Error: EROFS: read-only file system, open '/app/apps/nestjs-backend/dist/openapi.json'
    at Object.open (node:internal/fs/sync:78:18)
    at Object.openSync (node:fs:565:17)
    at Object.writeFileSync (node:fs:2288:35)
    at setUpAppMiddleware (/app/apps/nestjs-backend/dist/index.js:49:22)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async bootstrap (/app/apps/nestjs-backend/dist/index.js:74:5)
    at async /app/apps/nestjs-backend/dist/index.js:44579:15 {
  errno: -30,
  code: 'EROFS',
  syscall: 'open',
  path: '/app/apps/nestjs-backend/dist/openapi.json'
}

Node.js v20.9.0

Expected Behavior

The application should write temporary or generated files to a writable location, such as /tmp, allowing compatibility with read-only filesystems.

Actual Behavior

The application attempts to write to /app/apps/nestjs-backend/dist/openapi.json, which is not writable when the filesystem is read-only, causing the application to crash.

Suggested Solution

Update the application to write all temporary or runtime-generated files (e.g., openapi.json) to a writable directory, such as /tmp, which is typically writable in read-only filesystem configurations.

Environment

  • Image Version: 1.5.2 / latest
  • Node.js Version: v20.9.0
  • Kubernetes environment with read-only filesystem

Impact

This issue prevents the image from being used in environments where a read-only filesystem is a security or operational requirement, such as in Kubernetes deployments with strict policies.

Additional Context

Read-only filesystem support is a common requirement in containerized environments to enhance security. Allowing the application to handle temporary or runtime-generated files in a writable location like /tmp would make it compatible with such setups.

Request

Please modify the image or provide configuration options to support deployment with a read-only filesystem. Let me know if you need further details or testing.

Thank you for addressing this issue!

@tea-artist
Copy link
Contributor

It is theoretically possible to avoid it, but it requires some extra effort. We'll see if there's a bigger impact.

@kpodp0ra kpodp0ra added the enhancement New feature or request label Dec 28, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

3 participants