[bitnami/grafana] Read only filesystem error when any init scripts are present

[bpfoster]

Name and Version

bitnami/grafana 10.0.0

What architecture are you using?

amd64

What steps will reproduce the bug?

1. Configure chart to install with a custom init script
2. Get error

Are you using any custom parameters or values?

extraVolumes:
  - name: init-scripts
    configMap:
      name: "grafana-init-scripts"
extraVolumeMounts:
  - name: init-scripts
    mountPath: /docker-entrypoint-init.d

What is the expected behavior?

Chart installs as it did prior

What do you see instead?

grafana 12:39:20.18 INFO  ==> Executing /docker-entrypoint-init.d/..2024_03_15_12_17_10.2617271577/my-init.sh
touch: cannot touch '/bitnami/grafana/.user_scripts_initialized': Read-only file system

Additional information

I know you note in the chart readme that "This could potentially break any customization or init scripts used in your deployment. If this is the case, change the default values to the previous ones."

However I think that the readonly filesystem is a good thing, and I'm not sure that we should have to choose between it and having init scrpts.

Note that this has nothing to do with what the init script is doing. Yes, if my init script is trying to write to a readonly filesystem I would expect there to be issues. However the issue is in the container image's scripts - the container itself can't handle any init scripts when running on readonly fs.

The container is failing when writing the initialized marker file. Could you not alter that to write to one of the writable volumes mounted by the chart, e.g. /tmp or /opt/bitnami/grafana/tmp?
https://github.com/bitnami/containers/blob/main/bitnami/grafana/10/debian-12/rootfs/post-init.sh#L24

I see many other containers are also writing a similar marker file, so as you roll out the readonly changes across all charts I'd expect this same issue to pop up all over.

[javsalgar]

Hi!

Thank you so much for reporting. I believe that adding an emptydir in /bitnami/grafana could potentially fix the issue. Before creating a PR, could you check if the following works?

grafana:
  extraVolumeMounts:
    - name: empty-dir
      mountPath: /bitnami/grafana
      subPath: app-volume-dir

[bpfoster]

Hi, yes this approach does appear to resolve the issue.

[javsalgar]

Hi! I created the PR above to fix the issue

[bpfoster]

Thanks!

[TomRoush]

@javsalgar Can this fix be applied to other charts that have support init scripts and read only file system enabled by default? I ran into the same problem with permissions with Elasticsearch, and I'm guessing that other charts will have the same issue

[javsalgar]

Sure! Let me check them

[kedare]

Same issue on the Keycloak chart for example.