Hello, Our project has a VPN connection which is made possible through strongwan and ipsec. The strongswan is already installed on the docker container. On deploying I get this error when I try to mount the configmap of the ipsec on the /etc path. This is the error I get
Error: failed to start container "app": Error response from daemon: OCI runtime create failed: container_linux.go:346: starting container process caused "process_linux.go:449: container init caused \"rootfs_linux.go:58: mounting \\\"/var/lib/docker/containers/bc3d69899f3daaa0a69be4484a837d2425966ed37662d6af3e7c5f42f8221e75/resolv.conf\\\" to rootfs \\\"/var/lib/docker/overlay2/66fde65c364c22afcd2ea303dd3e0ddc0cb2364637021105500ee1c5c661db0c/merged\\\" at \\\"/var/lib/docker/overlay2/66fde65c364c22afcd2ea303dd3e0ddc0cb2364637021105500ee1c5c661db0c/merged/etc/resolv.conf\\\" caused \\\"open /var/lib/docker/overlay2/66fde65c364c22afcd2ea303dd3e0ddc0cb2364637021105500ee1c5c661db0c/merged/etc/resolv.conf: read-only file system\\\"\"": unknown
This is my deployment yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: watuglobal
labels:
tier: backend
spec:
replicas: 1
selector:
matchLabels:
app: watuglobal
tier: backend
template:
metadata:
labels:
app: watuglobal
tier: backend
spec:
volumes:
- name: nginx-config
configMap:
name: laravel-nginx-config
items:
- key: config
path: default.conf
- name: ipsec-config
configMap:
name: ipsec-config
items:
- key: config
path: ipsec.conf
- name: ipsec-secrets
configMap:
name: ipsec-secrets
items:
- key: config
path: ipsec.secrets
- name: strongswan-config
configMap:
name: strongswan-config
items:
- key: config
path: strongswan.conf
initContainers:
- args:
- /bin/bash
- -c
- (php artisan migrate --force|| true) && (php artisan db:seed || true) && (php artisan optimize)
imagePullPolicy: Always
name: artisan
image: ${IMAGE_NAME}:$COMMIT_SHA1
containers:
- name: watuglobal
image: ${IMAGE_NAME}:$COMMIT_SHA1
ports:
- containerPort: 80
securityContext:
capabilities:
add:
- NET_ADMIN
volumeMounts:
- name: nginx-config
mountPath: /etc/nginx/sites-enabled
imagePullSecrets:
- name: registry-secret
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: watuglobal-horizon
name: watuglobal-horizon
spec:
replicas: 1
revisionHistoryLimit: 1
selector:
matchLabels:
app: watuglobal-horizon
template:
metadata:
labels:
app: watuglobal-horizon
spec:
containers:
- args:
- /bin/bash
- -c
- php artisan horizon
image: ${IMAGE_NAME}:$COMMIT_SHA1
imagePullPolicy: Always
name: watuglobal-horizon
resources:
limits:
cpu: 500m
memory: 1G
requests:
cpu: 250m
memory: 500M
imagePullSecrets:
- name: registry-secret
Kindly assist me on this, I’ve been on this for quite a while. Thank you