I've the following argo workflow which has securityContext
added.
After running it, it's failing with ReadOnlyRootFileSystem error as mentioned below.
Here is the workflow yaml.
apiVersion: argoproj.io/v1alpha1
kind: Workflow
metadata:
generateName: hello-world-
spec:
entrypoint: whalesay
templates:
- name: whalesay
container:
image: docker/whalesay:latest
command: [cowsay]
args: ["hello world"]
securityContext:
readOnlyRootFilesystem: true
and the error is as below:
Warning WorkflowNodeError 17s workflow-controller Error node hello-world-tcdbg: admission webhook "validation.gatekeeper.sh" denied the request: [psp-readonlyrootfilesystem] only read-only root filesystem container is allowed: wait
[psp-readonlyrootfilesystem] only read-only root filesystem container is allowed: init
Am I using securityContext in wrong position or am I missing anything? what's the fix for it?
Try using init containers in the yaml file as :
Note: readOnlyRootFilesystem: true that this field cannot be set when spec.os.name is windows.
For more information follow this yaml for any changes and modifications.