Is your feature request related to a problem? Please describe.
Currently, when enabled, the prometheus bits of data-services and k8s-watcher are writing files under /prometheus. While this work with a default k8s setup, it has two limitations:
- It won't work as is with OpenShift (due to the permissions currently set on the folder: only the owner has write permission and with the default Security Context Constraints of OpenShift, the user ID won't match)
- It won't work if the deployment makes use of a security context that makes the root filesystem read-only
Describe the solution you'd like
In order to keep things easy for the administrator, it would be nice to be able to add extra volumes and volume mounts in order to be able to have the prometheus files created.
Describe alternatives you've considered
There are two alternatives:
- Disable Prometheus: but people will lose that information
- Modify the permissions set on the
/prometheus folder so that the group also has write access and then use the supplementalGroups attribute in the security context however it won't solve the read only root filesystem case.
Is your feature request related to a problem? Please describe.
Currently, when enabled, the prometheus bits of data-services and k8s-watcher are writing files under
/prometheus. While this work with a default k8s setup, it has two limitations:Describe the solution you'd like
In order to keep things easy for the administrator, it would be nice to be able to add extra volumes and volume mounts in order to be able to have the prometheus files created.
Describe alternatives you've considered
There are two alternatives:
/prometheusfolder so that the group also has write access and then use thesupplementalGroupsattribute in the security context however it won't solve the read only root filesystem case.