Dmitry Meyerson
07/20/2023, 10:14 PM
Dmitry Meyerson
07/20/2023, 10:14 PM
{"log.level":"info","@timestamp":"2023-07-20T22:11:42.790Z","log.logger":"cerbos.server","message":"maxprocs: No GOMAXPROCS change to reset"}
Thu, Jul 20 2023 5:11:42 pm
{"log.level":"error","@timestamp":"2023-07-20T22:11:42.790Z","log.logger":"cerbos.git.store","message":"Failed to initialize git store","dir":"/.cache/cerbos/git","error":"failed to create directory /.cache/cerbos/git: mkdir /.cache/cerbos: permission denied"}
Thu, Jul 20 2023 5:11:42 pm
{"log.level":"error","@timestamp":"2023-07-20T22:11:42.790Z","log.logger":"cerbos.server","message":"Failed to start server","error":"failed to create store: failed to create directory /.cache/cerbos/git: mkdir /.cache/cerbos: permission denied"}
Thu, Jul 20 2023 5:11:42 pm
cerbos: error: server.Cmd.Run(): failed to create store: failed to create directory /.cache/cerbos/git: mkdir /.cache/cerbos: permission denied
Dmitry Meyerson
07/20/2023, 10:15 PM
podSecurityContext:
  fsGroup: 2000
securityContext:
  runAsNonRoot: true
  runAsUser: 1000
Dmitry Meyerson
07/20/2023, 10:18 PM
Dmitry Meyerson
07/20/2023, 10:28 PM
Charith (Cerbos)
checkoutDir config value: https://docs.cerbos.dev/cerbos/latest/configuration/storage.html#git-driver. If you don't specify that, Cerbos tries to write to XDG_CACHE_DIR by default. Here's an example of how to configure the checkoutDir in Helm: https://github.com/cerbos/cerbos/blob/main/deploy/charts/cerbos/values-git-storage.yaml.
Dmitry Meyerson
07/21/2023, 1:58 PM
Dmitry Meyerson
07/21/2023, 3:43 PM
Charith (Cerbos)
/etc/ssl/certs. If you want to inspect it yourself, you can obtain a shell on the container using an ephemeral debug container: https://kubernetes.io/docs/tasks/debug/debug-application/debug-running-pod/#ephemeral-container