Hi there! The Okteto manifest allows you to override some of the container’s security context for development purposes: Okteto Manifest | Okteto Documentation
One of the settings it’s missing is the “readOnlyRootFilesystem” setting, which we have enabled on all our containers by default because of recommendations from security scanners like Checkov. For the dev containers, it seems we need to write to the root filesystem because of some python-specific setup requirements when initializing them.
It’s definitely possible for us to overlay another
values.<env>.yaml file via Helm to change this for remote-dev workloads, but it’d be much more convenient if the okteto manifest let us alter this. I’m not sure if it’s possible or easy either way, given how these directories are already mounted by the workload before the dev container starts, but figured I’d ask.
This is what happens in our python app when we try to connect a dev container via
Persistent volume successfully attached ✓ Images successfully pulled ✓ Files synchronized Context: <on-prem-url> Namespace: <me> Name: api Forward: 30005 -> 5000 30006 -> 3306 Reverse: 5556 <- 5556 Defaulting to user installation because normal site-packages is not writeable Obtaining file:///api Preparing metadata (setup.py) ... done WARNING: Error parsing requirements for api: Invalid URL: wheelhouse/marshmallow_v1 Installing collected packages: api Running setup.py develop for api error: subprocess-exited-with-error × python setup.py develop did not run successfully. │ exit code: 1 ╰─> [27 lines of output] running develop error: can't create or remove files in install directory The following error occurred while trying to add or remove files in the installation directory: [Errno 30] Read-only file system: '/root/.local/lib/python3.8/site-packages/test-easy-install-90.write-test' The installation directory you specified (via --install-dir, --prefix, or the distutils default setting) was: /root/.local/lib/python3.8/site-packages Perhaps your account does not have write access to this directory? If the installation directory is a system-owned directory, you may need to sign in as the administrator or "root" account. If you do not have administrative access to this machine, you may wish to choose a different installation directory, preferably one that is listed in your PYTHONPATH environment variable. For information on other options, you may wish to consult the documentation at: https://setuptools.readthedocs.io/en/latest/deprecated/easy_install.html Please make the appropriate changes for your system and try again. [end of output] note: This error originates from a subprocess, and is likely not a problem with pip. error: subprocess-exited-with-error