Fix nginx user permissions in nginx-alpine image

Problem: Fails to run nginx proxies, because user home directory is not owned by nginx user inside newer nginx-alpine images Solution: Mount emptyDir to the user home directory(/var/cache/nginx) so that it is writable by the nginx user. Also update UID from 100 to 101 to be consistent with upstream changes(https://github.com/nginxinc/docker-nginx/issues/218)

Fix nginx user permissions in nginx-alpine image
1d95df5a · gitlawr · Alena Prokharchyk · 6a2d834f · 1d95df5a · 1d95df5a
Commit 1d95df5a authored Oct 22, 2019 by gitlawr Committed by Alena Prokharchyk Oct 22, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 2 deletions

deployment.yaml ...onitoring/v0.0.5/charts/grafana/templates/deployment.yaml +5 -1

prometheus.yaml ...toring/v0.0.5/charts/prometheus/templates/prometheus.yaml +6 -1

No files found.
--- a/charts/rancher-monitoring/v0.0.5/charts/grafana/templates/deployment.yaml
+++ b/charts/rancher-monitoring/v0.0.5/charts/grafana/templates/deployment.yaml
@@ -106,11 +106,13 @@ spec:
        volumeMounts:
        - mountPath: /nginx/
          name: grafana-nginx
+        - mountPath: /var/cache/nginx
+          name: nginx-home
        {{- if and .Values.resources .Values.resources.proxy }}
        resources:
 {{ toYaml .Values.resources.proxy | indent 10 }}
        securityContext:
-          runAsUser: 100
+          runAsUser: 101
          runAsGroup: 101
        {{- end }}
      nodeSelector:
@@ -167,3 +169,5 @@ spec:
      - name: grafana-provisionings
        configMap:
          name: {{ template "app.provisionings.fullname" . }}
+      - name: nginx-home
+        emptyDir: {}
--- a/charts/rancher-monitoring/v0.0.5/charts/prometheus/templates/prometheus.yaml
+++ b/charts/rancher-monitoring/v0.0.5/charts/prometheus/templates/prometheus.yaml
@@ -33,11 +33,13 @@ spec:
 {{ toYaml .Values.resources.proxy | indent 6 }}
    {{- end }}
    securityContext:
-      runAsUser: 100
+      runAsUser: 101
      runAsGroup: 101
    volumeMounts:
    - mountPath: /nginx
      name: configmap-{{ template "app.nginx.fullname" . }}
+    - mountPath: /var/cache/nginx
+      name: nginx-home
 {{- if eq .Values.level "cluster" }}
  - name: prometheus-agent
    command:
@@ -169,6 +171,9 @@ spec:
            storage: {{ .Values.persistence.size | quote }}
 {{- end }}
 {{- end }}
+  volumes:
+  - name: nginx-home
+    emptyDir: {}
  version: "{{ .Values.image.tag }}"
  affinity:
    podAntiAffinity: