K8s readOnlyRootFilesystem

MrXEN · March 20, 2024, 2:12pm

Good afternoon, colleagues. I have Temporal 1.17.5 installed in my cluster.
Trying to upgrade from 1.17.5 to 1.22.6 and when trying to run tctl in temporal-admin-tool I get the following error:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x20 pc=0x16c9815]

goroutine 1 [running]:
main.main()
/home/builder/tctl/cmd/tctl/main.go:39 +0x35

No error occurs on version 1.17.5.
I have a mandatory policy in my cluster - readOnlyRootFilesystem: true.
I checked separately in docker-compose - if I set read_only: true then the same error, if false then everything works.
Please advise how to be in this situation.

jreynolds23 · March 20, 2024, 3:48pm

Hi,

Can you verify if you have your permissions set to the $HOME dir on the environment? tctl needs permissions to write the .config file to $HOME dir. Can you give read+write permissions to this dir and then try again?

MrXEN · March 20, 2024, 5:13pm

Thanks for the tip! I can’t grant permissions in the container, but I looked up that $HOME is /home/temporal and added this to the helm-chart and it worked:

volumes:

name: builder-volume
emptyDir: {}

volumeMounts:

name: builder-volume
mountPath: /home/temporal

Thank you.

Topic		Replies	Views
Segmentation violation during temporal upgrades Community Support	11	780	April 13, 2021
How does tctl compute the configuration file path and is it overridable? Community Support	3	460	August 28, 2023
Cannot run temporal services as non-root user in kubernetes Community Support kubernetes	10	1826	August 2, 2022
SIGSEGV in temporal-history service Community Support java-sdk , server	2	178	January 29, 2024
Update from 0.29 -> 1.3.0 Community Support go-sdk , mysql	3	742	November 18, 2020

K8s readOnlyRootFilesystem

Related Topics