Chapter 4. Configuring readOnlyRootFilesystem in Red Hat Developer Hub
The Red Hat Developer Hub deployment consists of two containers: an initContainer
that installs the Dynamic Plugins, and a backend container that runs the application. The initContainer
has the readOnlyRootFilesystem
option enabled by default. To enable this option on the backend container, you must either have permission to deploy resources through Helm or to create or update a CR for Operator-backed deployments. You can manually configure the readOnlyRootFilesystem
option on the backend container by using the following methods:
- The Red Hat Developer Hub Operator
- The Red Hat Developer Hub Helm chart
4.1. Configuring the readOnlyRootFilesystem option in a Red Hat Developer Hub Operator deployment Copy linkLink copied to clipboard!
When you are deploying Developer Hub using the Operator, you must specify a patch
for the deployment
in your Backstage
custom resource (CR) that applies the readOnlyRootFilesystem
option to the securityContext
section in the Developer Hub backend container.
Procedure
In your
Backstage
CR, add thesecurityContext
specification. For example:Copy to Clipboard Copied! Toggle word wrap Toggle overflow - 1
- Name of the main container defined in the Operator default configuration.
4.2. Configuring the readOnlyRootFilesystem option in a Red Hat Developer Hub Helm chart deployment Copy linkLink copied to clipboard!
Procedure
In your
values.yaml
file, add thereadOnlyRootFilesystem: true
line to thecontainerSecurityContext
section. For example:upstream: backstage: containerSecurityContext: readOnlyRootFilesystem: true
upstream: backstage: containerSecurityContext: readOnlyRootFilesystem: true
Copy to Clipboard Copied! Toggle word wrap Toggle overflow