configmap mount fail read-only file system #63477

13567436138 · 2018-05-07T06:42:09Z

 ----     ------                 ----             ----               -------
  Normal   SuccessfulMountVolume  1m               kubelet, node5     MountVolume.SetUp succeeded for volume "config-volume"
  Normal   SuccessfulMountVolume  1m               kubelet, node5     MountVolume.SetUp succeeded for volume "default-token-xf8z2"
  Warning  Failed                 1m               kubelet, node5     Error: failed to start container "dnsmasq": Error response from daemon: oci runtime error: container_linux.go:247: starting container process caused "process_linux.go:359: container init caused \"rootfs_linux.go:54: mounting \\\"/var/lib/docker/containers/28522215b76e8d67a463d0febd262c5d34e939478a4ba42f0da9b961781dc975/resolv.conf\\\" to rootfs \\\"/var/lib/docker/overlay/21308c3e7dc62edbb252e56a2f0e56f947b27d8fe1ec4cf005f5c70ae2d9569a/merged\\\" at \\\"/var/lib/docker/overlay/21308c3e7dc62edbb252e56a2f0e56f947b27d8fe1ec4cf005f5c70ae2d9569a/merged/etc/resolv.conf\\\" caused \\\"open /var/lib/docker/overlay/21308c3e7dc62edbb252e56a2f0e56f947b27d8fe1ec4cf005f5c70ae2d9569a/merged/etc/resolv.conf: read-only file system\\\"\""
  Warning  Failed                 1m               kubelet, node5     Error: failed to start container "dnsmasq": Error response from daemon: oci runtime error: container_linux.go:247: starting container process caused "process_linux.go:359: container init caused \"rootfs_linux.go:54: mounting \\\"/var/lib/docker/containers/28522215b76e8d67a463d0febd262c5d34e939478a4ba42f0da9b961781dc975/resolv.conf\\\" to rootfs \\\"/var/lib/docker/overlay/12d4e68c278b04b1463933f352a87ac2ede13944aa11511b505bde526c40fc4e/merged\\\" at \\\"/var/lib/docker/overlay/12d4e68c278b04b1463933f352a87ac2ede13944aa11511b505bde526c40fc4e/merged/etc/resolv.conf\\\" caused \\\"open /var/lib/docker/overlay/12d4e68c278b04b1463933f352a87ac2ede13944aa11511b505bde526c40fc4e/merged/etc/resolv.conf: read-only file system\\\"\""
  Warning  BackOff                1m               kubelet, node5     Back-off restarting failed container
  Normal   Pulling                1m (x3 over 1m)  kubelet, node5     pulling image "andyshinn/dnsmasq:latest"
  Normal   Pulled                 1m (x3 over 1m)  kubelet, node5     Successfully pulled image "andyshinn/dnsmasq:latest"
  Normal   Created                1m (x3 over 1m)  kubelet, node5     Created container
  Warning  Failed                 1m               kubelet, node5     Error: failed to start container "dnsmasq": Error response from daemon: oci runtime error: container_linux.go:247: starting container process caused "process_linux.go:359: container init caused \"rootfs_linux.go:54: mounting \\\"/var/lib/docker/containers/28522215b76e8d67a463d0febd262c5d34e939478a4ba42f0da9b961781dc975/resolv.conf\\\" to rootfs \\\"/var/lib/docker/overlay/2e7ffc4e24bf357e60de4defaecb7b133d9dcc018e8f4ff0361128773b0deae3/merged\\\" at \\\"/var/lib/docker/overlay/2e7ffc4e24bf357e60de4defaecb7b133d9dcc018e8f4ff0361128773b0deae3/merged/etc/resolv.conf\\\" caused \\\"open /var/lib/docker/overlay/2e7ffc4e24bf357e60de4defaecb7b133d9dcc018e8f4ff0361128773b0deae3/merged/etc/resolv.conf: read-only file system\\\"\""
  Normal   Scheduled              38s              default-scheduler  Successfully assigned dnsmasq-c8f9bfd68-kz8cx to node5

The text was updated successfully, but these errors were encountered:

13567436138 · 2018-05-07T07:12:09Z

apiVersion: v1
kind: ConfigMap
metadata:
  name: dnsmasq-configmap
data:
  dnsmasq.conf: |
    resolv-file=/etc/resolv.dnsmasq
    addn-hosts=/etc/dnsmasqhosts
  dnsmasqhosts: |
    192.168.1.225 gw.api.taobao.com
  resolv.dnsmasq: |
    nameserver 114.114.114.114
    nameserver 8.8.8.8

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: dnsmasq
  labels:
    app: dnsmasq
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: dnsmasq
    spec:
      nodeSelector:
        deploy: app
      containers:
      - name: dnsmasq
        image: andyshinn/dnsmasq:latest
        securityContext:
          capabilities:
            add:
            - NET_ADMIN
        readinessProbe:
          tcpSocket:
            port: 53
          initialDelaySeconds: 30
          timeoutSeconds: 1
        livenessProbe:
          tcpSocket:
            port: 53
          initialDelaySeconds: 30
          timeoutSeconds: 1
        ports:
        - containerPort: 53
          protocol: UDP
          name: dns-udp
        - containerPort: 53
          protocol: TCP
          name: dns-tcp  
        
        volumeMounts:
        - name: config-volume
          mountPath: /etc
        
      volumes:
        - name: config-volume
          configMap:
            name: dnsmasq-configmap
---
apiVersion: v1
kind: Service
metadata:
  name: dnsmasq
  labels:
    app: dnsmasq
spec:
  ports:
  - port: 53
    targetPort: 53
    protocol: TCP
    name: dns-tcp
  - port: 53
    targetPort: 53
    protocol: UDP
    name: dns-udp
  selector:
    app: dnsmasq

dims · 2018-05-07T12:37:49Z

/sig storage

13567436138 · 2018-05-09T02:20:21Z

I found the problem ,the mountpath is not correct

xiyangxdy · 2019-01-21T02:25:24Z

I have a similar problem. Where did you modify it, Can you tell me?

dvoros · 2019-02-04T13:42:33Z

@xiyangxdy you'd have to modify the mountPath: /etc part not to overmount /etc with a read-only fs.

xiyangxdy · 2019-02-19T08:10:11Z

@dvoros Thanks, I modify mountPath: /etc, It's running.

va3093 · 2021-10-04T14:05:00Z

For anyone who do not know exactly what the problem here is. When you mount a config map it creates a read only directory for the files in your config map. When you set the mount point to be etc it will not work because it looks like k8s tries and save other files to that dir like resolv.conf

To fix this, change your mountPath from a shared directory like /etc to one specific to your app. Like /etc/myapp. myapp will become a read only directory, but thats ok because only you are using that directory.

k8s-ci-robot added the needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. label May 7, 2018

k8s-ci-robot added sig/storage Categorizes an issue or PR as relevant to SIG Storage. and removed needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels May 7, 2018

13567436138 closed this as completed May 9, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

configmap mount fail read-only file system #63477

configmap mount fail read-only file system #63477

13567436138 commented May 7, 2018

13567436138 commented May 7, 2018

dims commented May 7, 2018

13567436138 commented May 9, 2018

xiyangxdy commented Jan 21, 2019

dvoros commented Feb 4, 2019

xiyangxdy commented Feb 19, 2019

va3093 commented Oct 4, 2021

configmap mount fail read-only file system #63477

configmap mount fail read-only file system #63477

Comments

13567436138 commented May 7, 2018

13567436138 commented May 7, 2018

dims commented May 7, 2018

13567436138 commented May 9, 2018

xiyangxdy commented Jan 21, 2019

dvoros commented Feb 4, 2019

xiyangxdy commented Feb 19, 2019

va3093 commented Oct 4, 2021