overwrite existing configfiles in container with configmap?

[dan.ste...@googlemail.com]

Hello,

I spent today some hours trying to overwrite an existing configuration file in a pod/container by a config-files which I defined in a configmap, but I didn't get it... :-(

I already found out there is a bug with the description that the filesystem is mounted read-only which fit to the error I get and I also found a workaround to mount the map on a different location and copy the file to the right place.
My Question is now is there a way to overwrite existing files in the container by a configmap or is the copy-solution the only solution which really works?
best regards
Dan

PS
We are using kubernetes in Version 1.10.4

[Tim Hockin]

You can use a configmap and the `subPath` feature of volumeMounts to
place a single CM key over an existing file. The only gotcha is that
the config map will not auto-update that file (a limitation of Linux).

[dan.ste...@googlemail.com]

First of all I would like to thank you for your quick response, it's me kubernetes newbie quite frustating to try around. And Now I would like to ask you maybe do you have a little example for me how the subPath-feature works? At the moment I do something like this:

apiVersion: v1
kind: Pod
spec:
containers:
- name: sq-container
image: docker.io/sonarqube:6.7.1
command: [
"sh",
"-ce",
"cp /mnt/conf/sonar.properties /opt/sonarqube/conf/sonar.properties &&
chown sonarqube:sonarqube /opt/sonarqube/conf/sonar.properties &&
/opt/sonarqube/bin/run.sh"]
volumeMounts:
- name: sq-conf
mountPath: /mnt
volumes:
- name: sq-conf
configMap:
name: sq-configmap
items:
- key: sonar.properties
path: conf/sonar.properties

and I already try this (with the same configuration - just the parts I changed)

...
volumeMounts:
- name: sq-conf
mountPath: /opt/sonarqube/conf
subPath: conf
volumes:
- name: sq-conf
configMap:
name: sq-configmap
items:
- key: sonar.properties
path: sonar.properties

I get an error, the first was

chown: changing ownership of '/opt/sonarqube/conf': Read-only file system

and there was a secound I cannot reproduce at the moment

[Tim Hockin]

Try something like this (adapt to your own paths, etc):

```
spec:
volumes:
# declare a volume "config" from CM "hostnames"
- name: config
configMap:
name: hostnames
containers:
- name: hostnames
image: k8s.gcr.io/serve_hostname:v1.4 # just do something
that doesn't exit
volumeMounts:
# Mount volume "config", dada["foo"] on top of /etc/passwd
- name: config
subPath: foo
mountPath: /etc/passwd
```

and my CM looks like this:

```
apiVersion: v1
kind: ConfigMap
metadata:
name: hostnames
data:
foo: |
root:x:0:0:root:/root:/bin/bash
foobar:x:1234:1234:root:/root:/bin/bash
```

[dan.ste...@googlemail.com]

I think I am now very close to that what you're doing (suggest). My configmap looks like this at the moment:

```
kind: ConfigMap
metadata:
name: sq-configmap
data:
sonar.properties: |
sonar.jdbc.username=sonar
sonar.jdbc.password=sonar
wrapper.conf: |
wrapper.java.additional.1=-Dsonar.wrapped=true
wrapper.java.additional.2=-Djava.awt.headless=true
```

and the manifest is like this

```

containers:
- name: sq-container
image: docker.io/sonarqube:6.7.1

volumeMounts:
- name: sq-conf
mountPath: /opt/sonarqube

subPath: conf
volumes:
- name: sq-conf
configMap:
name: sq-configmap

```

but I still get a read-only-filesystem-error. I also try to set subPath to the current-file

```

- name: sq-conf
mountPath: /opt/sonarqube/conf

subPath: sonar.properties
```

but the I get the error. sonar.properties is not a directory-error

[Tim Hockin]

On Fri, Jun 15, 2018 at 8:39 PM dan.steffen.de via Kubernetes user discussion and Q&A <kubernet...@googlegroups.com> wrote:

I think I am now very close to that what you're doing (suggest). My configmap looks like this at the moment:

```
kind: ConfigMap
metadata:
  name: sq-configmap
data:
  sonar.properties: |
    sonar.jdbc.username=sonar
    sonar.jdbc.password=sonar
  wrapper.conf: |
    wrapper.java.additional.1=-Dsonar.wrapped=true
    wrapper.java.additional.2=-Djava.awt.headless=true
```

Unless itemized, this maps to two files: sonar.properties and wrapper.conf

 

```
  containers:
  - name: sq-container
    image: docker.io/sonarqube:6.7.1
    volumeMounts:
    - name: sq-conf
      mountPath: /opt/sonarqube
      subPath: conf
  volumes:
  - name: sq-conf
    configMap:
      name: sq-configmap
```

You did not itemize the volume, so it creates a directory with the two above-named files (the keys in your CM).  To mount those two files into your container, rather than the directory containing the two files, you need to mount each of them as a volumeMount, with the subPath being the filename.  e.g.

```

    volumeMounts:
    - name: sq-conf
      subPath: sonar.properties

      mountPath: /opt/sonarqube/sonar.properties

    - name: sq-conf

      subPath: wrapper.conf

      mountPath: /opt/sonarqube/wrapper.conf

```

Note that when I write it, I always put subPath next to name.  While it doesn;t matter to YAML, it matters to humans.  The subPath is relative to the volume - in your case the volume has 2 files.  You want to mount them as files so you need to spell that out.

Now, if your FS is read-only, you need to make sure the directory exists all the way up to the final dir into which you want to mount the file.

 

but I still get a read-only-filesystem-error. I also try to set subPath to the current-file

```
    - name: sq-conf
      mountPath: /opt/sonarqube/conf
      subPath: sonar.properties
```

but the I get the error. sonar.properties is not a directory-error

Where does that error appear? 

[dan.ste...@googlemail.com]

Thanks a lot for your comments and the modifications the files appear in the container... it's a little bit strange but now the run.sh-Skript which starts the service in the container will not be executed, could this be a effect of the mount of the files into the filesystem? because when I mount the file to another place (e.g. /mount) copy it the it works...

[Tim Hockin]

This should not have any effect on that.  Is is specified in the pod (as command or args?) Or is it the ENTRY POINT of the container?  Can you read back your yaml to make sure you didn't make an indent mistake or something?

On Sat, Jun 16, 2018, 1:48 AM dan.steffen.de via Kubernetes user discussion and Q&A <kubernet...@googlegroups.com> wrote:

Thanks a lot for your comments and the modifications the files appear in the container... it's a little bit strange but now the run.sh-Skript which starts the service in the container will not be executed, could this be a effect of the mount of the files into the filesystem? because when I mount the file to another place (e.g. /mount) copy it the it works...

--
You received this message because you are subscribed to the Google Groups "Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email to kubernetes-use...@googlegroups.com.
To post to this group, send email to kubernet...@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

[dan.ste...@googlemail.com]

Today morning I found the problem, the startscript which will be called in the container makes a chown on the configurationfiles but through the mounting the files war read-only that's why the script crashed.
When I enter the container, remove the line with the chown and run the script manuelly it starts. At the moment I didn't test if the problem is resolved, when I remove the line with the command-argument in the manifest-file but I think so.
Finally I would like to thanks again for your help and patience with me :-)

[Tim Hockin]

Happy to help.  If you want to really repay me - write a blog post about using this feature.  Even a 1-page summary of the problem it solves and how you made it work would be awesome.

If you do this, let me know and we'll publicize it.

Tim

[dan.ste...@googlemail.com]

Before I cause any confusion you mean a howto about the usage of sonarqube with configmaps in kubernetes? I will talk today with the leader of our team and if he gives me the ok I will write something.
How can I contact you if I am finished? Just replay again on this thread?

Dan

[Tim Hockin]

Not even as detailed as that.  Just "how I made Kubernetes mount individual files of a configmap".  You can always reach me here, or on twiitter or by email. :)  Same name everwhere.