Red Hat Summit이 콘텐츠는 선택한 언어로 제공되지 않습니다.
Chapter 4. Configuring readOnlyRootFilesystem in Red Hat Developer Hub
The Red Hat Developer Hub deployment consists of two containers: an initContainer that installs the Dynamic Plugins, and a backend container that runs the application. The initContainer has the readOnlyRootFilesystem option enabled by default. To enable this option on the backend container, you must either have permission to deploy resources through Helm or to create or update a CR for Operator-backed deployments. You can manually configure the readOnlyRootFilesystem option on the backend container by using the following methods:
- The Red Hat Developer Hub Operator
- The Red Hat Developer Hub Helm chart
4.1. Configuring the readOnlyRootFilesystem option in a Red Hat Developer Hub Operator deployment
When you are deploying Developer Hub using the Operator, you must specify a patch for the deployment in your Backstage custom resource (CR) that applies the readOnlyRootFilesystem option to the securityContext section in the Developer Hub backend container.
Procedure
In your
BackstageCR, add thesecurityContextspecification. For example:spec: deployment: patch: spec: template: spec: containers: - name: backstage-backend 1 securityContext: readOnlyRootFilesystem: true- 1
- Name of the main container defined in the Operator default configuration.
4.2. Configuring the readOnlyRootFilesystem option in a Red Hat Developer Hub Helm chart deployment
Procedure
In your
values.yamlfile, add thereadOnlyRootFilesystem: trueline to thecontainerSecurityContextsection. For example:upstream: backstage: containerSecurityContext: readOnlyRootFilesystem: true
