[Kiali-operator Helm Chart] Mount /tmp instead of /tmp/ansible-operator/runner as emptyDir to enable read-only root filesystem

[eli-gc]

I came across an issue when trying to enable read-only root filesystem for Kiali-operator. The operator tries to write to kubeconfig in /tmp directory of the root filesystem. There is an existing emptyDir mount for /tmp/ansible-operator/runner for the ansible logging volume. I am proposing that /tmp be mounted to this emptyDir instead. This should preserve previous functionality of the Ansible logging volume while also enabling read only root filesystem.

This work is related to #5810

I'm going to test this and will make a PR if no one has any objections.

[eli-gc]

I'm testing the mounting but I am having trouble with ansible trying to write to /opt/ansible/.ansible/tmp. Anyone know if there is a way to change this path?

[eli-gc]

I tried to set DEFAULT_LOCAL_TMP = /tmp and I confirmed this env variable is set in my container, but Ansible is still writing to /opt/ansible/.ansible/tmp

[jmazzitelli]

I don't know the answer; sounds like a good question to ask the ansible operator SDK folks here: https://github.com/operator-framework/ansible-operator-plugins/issues/new?assignees=&labels=&projects=&template=support-question.md&title=

[eli-gc]

Haven't heard back from Ansible, but I was able to get it to work by mounting another ephemeral volume for /opt/ansible/.ansible/tmp.

[jmazzitelli]

Here's the answer I was told:

DEFAULT_LOCAL_TMP is the configuration name;
the env var is ANSIBLE_LOCAL_TEMP
https://docs.ansible.com/ansible/latest/reference_appendices/config.html#default-local-tmp

[eli-gc]

I tried it and it works! Thank you so much!

[jmazzitelli]

Thanks, @eli-gc ... looks good... All merged!