Any plans to support setting the "readOnlyRootFilesystem" securityContext via okteto manifest?

Hi there! The Okteto manifest allows you to override some of the container’s security context for development purposes: Okteto Manifest | Okteto Documentation

One of the settings it’s missing is the “readOnlyRootFilesystem” setting, which we have enabled on all our containers by default because of recommendations from security scanners like Checkov. For the dev containers, it seems we need to write to the root filesystem because of some python-specific setup requirements when initializing them.

It’s definitely possible for us to overlay another values.<env>.yaml file via Helm to change this for remote-dev workloads, but it’d be much more convenient if the okteto manifest let us alter this. I’m not sure if it’s possible or easy either way, given how these directories are already mounted by the workload before the dev container starts, but figured I’d ask.

This is what happens in our Python app when we try to connect a dev container via okteto up:

Persistent volume successfully attached
 ✓  Images successfully pulled
 ✓  Files synchronized
    Context:   <on-prem-url>
    Namespace: <me>
    Name:      api
    Forward:   30005 -> 5000
               30006 -> 3306
    Reverse:   5556 <- 5556

Defaulting to user installation because normal site-packages is not writeable
Obtaining file:///api
  Preparing metadata (setup.py) ... done
WARNING: Error parsing requirements for api: Invalid URL: wheelhouse/marshmallow_v1
Installing collected packages: api
  Running setup.py develop for api
    error: subprocess-exited-with-error
    
    × python setup.py develop did not run successfully.
    │ exit code: 1
    ╰─> [27 lines of output]
        running develop
        error: can't create or remove files in install directory
        
        The following error occurred while trying to add or remove files in the
        installation directory:
        
            [Errno 30] Read-only file system: '/root/.local/lib/python3.8/site-packages/test-easy-install-90.write-test'
        
        The installation directory you specified (via --install-dir, --prefix, or
        the distutils default setting) was:
        
            /root/.local/lib/python3.8/site-packages
        
        Perhaps your account does not have write access to this directory?  If the
        installation directory is a system-owned directory, you may need to sign in
        as the administrator or "root" account.  If you do not have administrative
        access to this machine, you may wish to choose a different installation
        directory, preferably one that is listed in your PYTHONPATH environment
        variable.
        
        For information on other options, you may wish to consult the
        documentation at:
        
          https://setuptools.readthedocs.io/en/latest/deprecated/easy_install.html
        
        Please make the appropriate changes for your system and try again.
        
        [end of output]
    
    note: This error originates from a subprocess, and is likely not a problem with pip.
error: subprocess-exited-with-error
1 Like
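For reference, the error above comes from pip's user-install path (/root/.local) sitting on the read-only root filesystem. The following is an added example, not part of the original post and not Okteto's or the poster's configuration: a Kubernetes Deployment fragment that leaves readOnlyRootFilesystem enabled and mounts writable emptyDir volumes only at the paths the install needs. The workload name, volume names, image reference and size limits are placeholders, and it assumes the dev container keeps the workload's volume mounts.

```yaml
# Added example (not from the original post). All names below are placeholders.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: api
spec:
  selector:
    matchLabels:
      app: api
  template:
    metadata:
      labels:
        app: api
    spec:
      containers:
        - name: api
          image: registry.example.invalid/api:dev   # placeholder image reference
          securityContext:
            # Stays enabled: the root filesystem remains immutable, so the
            # scanner's read-only root filesystem check is still satisfied.
            readOnlyRootFilesystem: true
          env:
            - name: TMPDIR            # Python's tempfile module honours TMPDIR
              value: /tmp
          volumeMounts:
            # Covers the path from the error output:
            # /root/.local/lib/python3.8/site-packages
            - name: pip-user-base
              mountPath: /root/.local
            # Scratch space for temporary build files.
            - name: tmp
              mountPath: /tmp
      volumes:
        - name: pip-user-base
          emptyDir:
            sizeLimit: 512Mi          # bound how much a dev session can write
        - name: tmp
          emptyDir:
            sizeLimit: 256Mi
```

emptyDir contents do not survive pod deletion, so anything installed there is reinstalled when the pod is recreated.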