Configmap to a suricata container

Hello everyone,

I am trying to create a configmap to overwrite an existing configuration file in a Suricata container (a network monitoring tool), but I am getting an error message about a read-only filesystem, as shown in the attached image.

I have tried this on an nginx container and it works fine. How can I resolve this issue, or do you have any other ways I can easily overwrite a config file?

Below is my YAML configuration file:

apiVersion: v1
kind: Pod
metadata:
  name: suricata # name for the pod
  annotations:
    scheduler.alpha.kubernetes.io/cpuset: 0-2
spec:
  containers:
  - name: suricata # name for the container
    image: jasonish/suricata
    volumeMounts:
    - name: suricata-mount-config
      mountPath: /etc/suricata
      readOnly: true
    resources:
      limits:
        cpu: "2"
        memory: 512Mi
      requests:
        cpu: "2"
        memory: 512Mi
    securityContext:
      capabilities:
        add:
        - NET_ADMIN
        - NET_RAW
        - SYS_NICE
    args:
    - "-i"    # flag and interface as two separate arguments, not one "-i eth0" string
    - "eth0"
  volumes:
  - name: suricata-mount-config
    configMap:
      name: suricataconfig
  nodeSelector:
    naam: worker-node1

Thank you!

The error message suggests that the filesystem in the container is mounted as read-only, which means you cannot write to it. In your YAML configuration file, you have specified the volume mount for the config file as read-only using the readOnly: true option. This is causing the error when you try to overwrite the file.

To resolve this issue, you can remove the readOnly: true option from the volume mount configuration. This will allow you to write to the file in the container. However, keep in mind that this will make the file writable by anyone who has access to the container, which could pose a security risk.

Another approach you can take is to use a ConfigMap to store your configuration file and mount it as a read-only volume in your container. This will allow you to easily update the configuration file by updating the ConfigMap. Here’s an example YAML configuration file:


apiVersion: v1
kind: ConfigMap
metadata:
  name: suricata-config
data:
  suricata.yaml: |
    # your configuration file contents go here

---
apiVersion: v1
kind: Pod
metadata:
  name: suricata
spec:
  containers:
  - name: suricata
    image: jasonish/suricata
    volumeMounts:
    - name: suricata-config
      mountPath: /etc/suricata
      readOnly: true
    resources:
      limits:
        cpu: "2"
        memory: 512Mi
      requests:
        cpu: "2"
        memory: 512Mi
    securityContext:
      capabilities:
        add:
        - NET_ADMIN
        - NET_RAW
        - SYS_NICE
    args:
    - "-i"    # flag and interface as two separate arguments
    - "eth0"
  volumes:
  - name: suricata-config
    configMap:
      name: suricata-config

In this example, we create a ConfigMap named suricata-config that contains the contents of your configuration file. We then mount this ConfigMap as a read-only volume in the container. To update the configuration file, you can simply update the suricata-config ConfigMap.

Hello, removing the readOnly: true option doesn't solve this issue. I have indeed mounted a ConfigMap as read-only within a container, but I still get the same error…

I have tried a different approach: an init container that shares the same volume with the main container through an emptyDir that has rw capabilities. I copied the ConfigMap into the emptyDir, which I mounted into the main container, and I could see that the contents of the ConfigMap were indeed placed there. However, if I wanted to overwrite an existing file I got an error saying something about the file having a broken symlink. So I tried to delete the config file first before copying it. But when I run the rm command it doesn't delete the file, yet when I create a file with touch I can see the file was created.


apiVersion: v1
kind: Pod
metadata:
  name: suricata1 # name for the pod
  annotations:
    scheduler.alpha.kubernetes.io/cpuset: 0-2
spec:
  initContainers:
  - name: init-config
    image: busybox
    securityContext:
      runAsUser: 998
      runAsGroup: 996
    command:
    - sh
    - -c
    - cp -R /configmap/* /tmp/suricata/
    volumeMounts:
    - name: suricata-mount-config
      mountPath: /configmap
    - name: tmp-volume
      mountPath: /tmp/suricata
  - name: init-config2
    image: busybox
    securityContext:
      runAsUser: 998
      runAsGroup: 996
    command:
    - sh
    - -c
    - rm -f /tmp/suricata/suricata.yaml
    volumeMounts:
    - name: suricata-mount-config
      mountPath: /configmap
    - name: tmp-volume
      mountPath: /tmp/suricata
    #command:
    #- sh
    #- -c
    #- touch /etc/suricata/test.txt
  containers:
  - name: suricata2 # name for the container
    image: jasonish/suricata
    volumeMounts:
    - name: tmp-volume
      mountPath: /etc/suricata
      # readOnly: true
    resources:
      limits:
        cpu: "1"
        memory: 512Mi
      requests:
        cpu: "1"
        memory: 512Mi
    securityContext:
      capabilities:
        add:
        - NET_ADMIN
        - NET_RAW
        - SYS_NICE
    args:
    - "-i"    # flag and interface as two separate arguments
    - "eth0"
  volumes:
  - name: suricata-mount-config
    configMap:
      name: suricataconfig
  - name: tmp-volume
    emptyDir: {}
  nodeSelector:
    naam: worker-node1
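Both the ConfigMap volume in the answer above and the init-container copy in this post mount a volume over the whole of /etc/suricata, so every other file the image ships in that directory is hidden from Suricata, and cp -R reproduces the ConfigMap volume's key symlinks rather than the file contents. The Pod manifest below is an added example, not from either poster: it overlays only the suricata.yaml key with a subPath mount, keeps that mount read-only, and assumes a ConfigMap named suricata-config that has a key suricata.yaml.

```yaml
# Added example (not from the thread): overlay a single file from a ConfigMap
# instead of replacing the whole /etc/suricata directory.
# Assumed to exist beforehand:
#   kubectl create configmap suricata-config --from-file=suricata.yaml
apiVersion: v1
kind: Pod
metadata:
  name: suricata
spec:
  containers:
  - name: suricata
    image: jasonish/suricata
    args: ["-i", "eth0"]                       # flag and interface as two arguments
    volumeMounts:
    - name: suricata-config
      mountPath: /etc/suricata/suricata.yaml   # one file; the image's other files stay visible
      subPath: suricata.yaml                   # key inside the ConfigMap volume
      readOnly: true                           # Suricata only needs to read its config
    securityContext:
      capabilities:
        add:
        - NET_ADMIN                            # only what packet capture needs
        - NET_RAW
        - SYS_NICE
    resources:
      limits:
        cpu: "2"
        memory: 512Mi
      requests:
        cpu: "2"
        memory: 512Mi
  volumes:
  - name: suricata-config
    configMap:
      name: suricata-config
      items:                                   # project only the key that is needed
      - key: suricata.yaml
        path: suricata.yaml
```

A subPath mount is not refreshed when the ConfigMap changes, so re-create the Pod after updating suricata-config.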

Hello, thanks for replying.

I have indeed used a ConfigMap and mounted it in the container, but I still get the same error…