K8s readOnlyRootFilesystem

MrXEN · March 20, 2024, 2:12pm

Good afternoon, colleagues. I have Temporal 1.17.5 installed in my cluster.
Trying to upgrade from 1.17.5 to 1.22.6 and when trying to run tctl in temporal-admin-tool I get the following error:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x20 pc=0x16c9815]

goroutine 1 [running]:
main.main()
/home/builder/tctl/cmd/tctl/main.go:39 +0x35

No error occurs on version 1.17.5.
I have a mandatory policy in my cluster - readOnlyRootFilesystem: true.
I checked separately in docker-compose - if I set read_only: true then the same error, if false then everything works.
Please advise how to be in this situation.

jreynolds23 · March 20, 2024, 3:48pm

Hi,

Can you verify if you have your permissions set to the $HOME dir on the environment? tctl needs permissions to write the .config file to $HOME dir. Can you give read+write permissions to this dir and then try again?

MrXEN · March 20, 2024, 5:13pm

Thanks for the tip! I can’t grant permissions in the container, but I looked up that $HOME is /home/temporal and added this to the helm-chart and it worked:

volumes:

name: builder-volume
emptyDir: {}

volumeMounts:

name: builder-volume
mountPath: /home/temporal

Thank you.

Topic		Replies	Views
Segmentation violation during temporal upgrades Community Support	11	1036	April 13, 2021
Temporal installation Community Support general-impl	0	56	July 4, 2024
How does tctl compute the configuration file path and is it overridable? Community Support	3	543	August 28, 2023
File Permission Issues with Temporal Self-Hosted Deployment on Docker Compose Community Support	0	22	December 17, 2024
Cannot run temporal services as non-root user in kubernetes Community Support kubernetes	10	2225	August 2, 2022

K8s readOnlyRootFilesystem

Related topics