
I am new to Docker/Kubernetes/Helm Charts. I was asked to make the file system read-only for an environment. After reading up a bit, I made the following changes in the Helm charts:

containers:
- name: {{ template "name" . }}
  image: "{{ .Values.images.repository }}/com.gmtp.aid.dev/aid:{{ .Values.images.aidTag }}"
  #imagePullPolicy: {{ .Values.images.pullPolicy }}
  imagePullPolicy: {{ .Values.images.pullPolicy }}
  securityContext:
    allowPrivilegeEscalation: false
    readOnlyRootFilesystem: true
    runAsUser: 1000
    runAsGroup: 1000
    runAsNonRoot: true
  command:
    - sh
    - -c
    - >
      .
      .
      .
      .
      .
      .
      .
      keytool -import -trustcacerts -alias gtt_internal_root -file /tmp/gtt_internal_root.crt -keystore /opt/java/openjdk/lib/security/cacerts --storepass changeit -noprompt;
      keytool -import -trustcacerts -alias gttinternalrootv2_1 -file /tmp/gttinternalrootv2_1.crt -keystore /opt/java/openjdk/lib/security/cacerts --storepass changeit -noprompt;
      keytool -delete -alias digicertglobalrootca -keystore /opt/java/openjdk/lib/security/cacerts -storepass changeit -noprompt;
      keytool -import -trustcacerts -alias digicertglobalrootca -file /tmp/digicertglobalrootca.crt -keystore /opt/java/openjdk/lib/security/cacerts --storepass changeit -noprompt;
      keytool -delete -alias digicertglobalrootg2 -keystore /opt/java/openjdk/lib/security/cacerts -storepass changeit -noprompt;
      keytool -import -trustcacerts -alias digicertglobalrootg2 -file /tmp/digicertglobalrootg2.crt -keystore /opt/java/openjdk/lib/security/cacerts --storepass changeit -noprompt;
      .
      .
      .
      .
      .
      .

After deleting the pod, during the restart the pod status shows CrashLoopBackOff, and I see this in the logs:

Certificate stored in file </opt/app/aafcertman/ca_aaf_0.crt>
Certificate stored in file </opt/app/aafcertman/ca_aaf_1.crt>
Certificate stored in file </opt/app/aafcertman/ca_aaf_2.crt>
Certificate stored in file </opt/app/aafcertman/ca_aaf_3.crt>
Warning: use -cacerts option to access cacerts keystore
Certificate was added to keystore
keytool error: java.io.FileNotFoundException: /opt/java/openjdk/lib/security/cacerts (Read-only file system)
Warning: use -cacerts option to access cacerts keystore
Certificate was added to keystore
keytool error: java.io.FileNotFoundException: /opt/java/openjdk/lib/security/cacerts (Read-only file system)
Warning: use -cacerts option to access cacerts keystore
Certificate was added to keystore
keytool error: java.io.FileNotFoundException: /opt/java/openjdk/lib/security/cacerts (Read-only file system)
Warning: use -cacerts option to access cacerts keystore
Certificate was added to keystore
keytool error: java.io.FileNotFoundException: /opt/java/openjdk/lib/security/cacerts (Read-only file system)
Certificate stored in file </opt/app/aafcertman/verisigng3_ca.crt>
Certificate stored in file </opt/app/aafcertman/digicertsha2secureserverca.crt>
Certificate stored in file </opt/app/aafcertman/verisigng5_ca.crt>
Certificate stored in file </opt/app/aafcertman/verisigng4_ca.crt>
Warning: use -cacerts option to access cacerts keystore
Certificate was added to keystore
keytool error: java.io.FileNotFoundException: /opt/java/openjdk/lib/security/cacerts (Read-only file system)
Warning: use -cacerts option to access cacerts keystore
Certificate was added to keystore
keytool error: java.io.FileNotFoundException: /opt/java/openjdk/lib/security/cacerts (Read-only file system)
Warning: use -cacerts option to access cacerts keystore
Certificate was added to keystore
keytool error: java.io.FileNotFoundException: /opt/java/openjdk/lib/security/cacerts (Read-only file system)
Warning: use -cacerts option to access cacerts keystore
Certificate was added to keystore
keytool error: java.io.FileNotFoundException: /opt/java/openjdk/lib/security/cacerts (Read-only file system)
Warning: use -cacerts option to access cacerts keystore
Certificate was added to keystore
keytool error: java.io.FileNotFoundException: /opt/java/openjdk/lib/security/cacerts (Read-only file system)
Warning: use -cacerts option to access cacerts keystore
Certificate was added to keystore
keytool error: java.io.FileNotFoundException: /opt/java/openjdk/lib/security/cacerts (Read-only file system)
Warning: use -cacerts option to access cacerts keystore
Certificate was added to keystore
keytool error: java.io.FileNotFoundException: /opt/java/openjdk/lib/security/cacerts (Read-only file system)
Warning: use -cacerts option to access cacerts keystore
keytool error: java.lang.Exception: Alias <digicertglobalrootca> does not exist
Warning: use -cacerts option to access cacerts keystore
Certificate was added to keystore
keytool error: java.io.FileNotFoundException: /opt/java/openjdk/lib/security/cacerts (Read-only file system)
Warning: use -cacerts option to access cacerts keystore
keytool error: java.lang.Exception: Alias <digicertglobalrootg2> does not exist
Warning: use -cacerts option to access cacerts keystore
Certificate was added to keystore
keytool error: java.io.FileNotFoundException: /opt/java/openjdk/lib/security/cacerts (Read-only file system)
Starting AAI KeyStore creation.
Importing keystore /opt/app/aafcertman/aai-client-cert.p12 to /opt/app/aafcertman/vid-aai.jks...
keytool error: java.lang.NullPointerException: invalid null input
keytool error: java.lang.Exception: Certificate not imported, alias <ca_aaf_2> already exists
keytool error: java.lang.Exception: Certificate not imported, alias <ca_aaf_1> already exists
keytool error: java.lang.Exception: Certificate not imported, alias <ca_aaf_0> already exists
keytool error: java.lang.Exception: Certificate not imported, alias <ca_aaf_3> already exists
Ended AAI KeyStore creation.
Importing TAPM certs
Existing entry alias vid_chain exists, overwrite? [no]:  Enter new alias name   (RETURN to cancel import for this entry):  Warning: use -cacerts option to access cacerts keystore
Certificate was added to keystore
keytool error: java.io.FileNotFoundException: /opt/java/openjdk/lib/security/cacerts (Read-only file system)
/usr/local/tomcat/bin/setenv.sh: line 9: /tmp/aaf_pass: Read-only file system
/usr/local/tomcat/bin/setenv.sh: line 10: /tmp/aaf_pass: Read-only file system
/usr/local/tomcat/bin/setenv.sh: line 11: /tmp/cadi_truststore_password: Read-only file system
/usr/local/tomcat/bin/setenv.sh: line 12: /tmp/cadi_keystore_password: Read-only file system
/usr/local/tomcat/bin/setenv.sh: line 13: /tmp/tomcat_ssl_port: Read-only file system
/usr/local/tomcat/bin/setenv.sh: line 14: /tmp/ajp_port: Read-only file system
/usr/local/tomcat/bin/setenv.sh: line 15: /tmp/catalina_opts_in_startup_start: Read-only file system

Can you please help me with this? Did I do the Helm charts right? Thanks.
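One way to meet the same requirement, added here as an example and not part of the original question or its chart: keep readOnlyRootFilesystem: true and mount a writable emptyDir only at the paths the log shows being written (/tmp for setenv.sh, and the lib/security directory that keytool rewrites cacerts in), because the read-only setting covers the image's root filesystem but not mounted volumes. The volume names, the init container and the container name aid are assumptions.

```yaml
# Added example (not the chart from the question). Pod spec fragment:
# a writable emptyDir is mounted at each path the log shows being written,
# while the image's root filesystem itself stays read-only.
# Volume and container names are assumptions; the image path is the question's.
initContainers:
  - name: seed-java-security
    image: "{{ .Values.images.repository }}/com.gmtp.aid.dev/aid:{{ .Values.images.aidTag }}"
    securityContext:
      allowPrivilegeEscalation: false
      readOnlyRootFilesystem: true
      runAsUser: 1000
      runAsGroup: 1000
      runAsNonRoot: true
    # Copy the image's lib/security directory (cacerts, java.security, ...) into
    # the volume, so the main container gets a complete, writable copy of it.
    command: ["sh", "-c", "cp -R /opt/java/openjdk/lib/security/. /seed/"]
    volumeMounts:
      - name: java-security
        mountPath: /seed
containers:
  - name: aid
    image: "{{ .Values.images.repository }}/com.gmtp.aid.dev/aid:{{ .Values.images.aidTag }}"
    imagePullPolicy: {{ .Values.images.pullPolicy }}
    securityContext:
      allowPrivilegeEscalation: false
      readOnlyRootFilesystem: true
      runAsUser: 1000
      runAsGroup: 1000
      runAsNonRoot: true
    # command: keep the existing sh -c script with the keytool imports; every
    # keytool -import/-delete now rewrites the copy of cacerts on the volume.
    volumeMounts:
      # setenv.sh writes /tmp/aaf_pass, /tmp/cadi_truststore_password, ...
      - name: tmp
        mountPath: /tmp
      # keytool rewrites /opt/java/openjdk/lib/security/cacerts in place
      - name: java-security
        mountPath: /opt/java/openjdk/lib/security
volumes:
  - name: tmp
    emptyDir: {}
  - name: java-security
    emptyDir: {}
```

If the /tmp/*.crt files that the keytool commands read are baked into the image, mounting an emptyDir over /tmp hides them, so copy them in from the init container or mount them from a ConfigMap or Secret instead.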

Tags: docker, FileNotFoundException After Making Container ReadOnly File System, Stack Overflow