Run Delegate on K8s with root file system as read-only

Description: Due to security reasons, we might want to run a delegate on K8s with the root file system as read-only. This causes delegates to fail and not start.

Additional constraints:

  1. Allow exec permissions in rootFileSystem, i.e., allow start.sh from /opt/harness-delegate but do not allow writes in /opt/harness-delegate.
  2. Mount additional volumes where we want ALL writes to happen but do not allow any exec from this directory.

Summary: Exec permissions and Write permissions are not allowed together on the same directory/mount point.

Proposal/Suggestion:

Create a start_wrapper.sh script to work with PVC instead of emptyDir.

  1. Introduce a new env in delegate yaml to let customer specify a “working directory”.
    a. Is it possible to use the HOME env variable defined in Delegate YAML?
  2. Make changes to the CD swimlane to use the directory to perform all write operations, e.g.:
    a. All writes to /tmp
    b. Creating helm repo yaml (add repo command)
    c. Git clone
    d. Terraform
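A sketch of the start_wrapper.sh proposed above, added here as an example; it is not part of the original post and not Harness code. `DELEGATE_WORKDIR` and the `--start` flag are hypothetical names, the working directory is assumed to be the mount point itself, and the Helm 3 and Terraform variables are those tools' own environment settings.

```shell
#!/bin/sh
# Sketch of the start_wrapper.sh proposed above. DELEGATE_WORKDIR and the
# --start flag are hypothetical names; start.sh's path is the one in the post.

# Return 0 if mount point $1 carries the noexec option in mounts table $2
# (default /proc/mounts: field 2 is the mount point, field 4 the options).
mount_is_noexec() {
    awk -v mp="$1" '$2 == mp { found = ($4 ~ /(^|,)noexec(,|$)/) }
        END { exit (found ? 0 : 1) }' "${2:-/proc/mounts}"
}

# Point each writer listed in the post at $1 instead of the read-only root.
redirect_writes() {
    wd=$1
    if [ ! -d "$wd" ] || [ ! -w "$wd" ]; then
        echo "working directory $wd is not writable" >&2
        return 1
    fi
    mkdir -p "$wd/home" "$wd/tmp" "$wd/helm" "$wd/terraform" "$wd/git" || return 1
    export HOME="$wd/home"      # per-user dotfiles such as ~/.gitconfig
    export TMPDIR="$wd/tmp"     # only for tools that honour TMPDIR; code that
                                # hard-codes /tmp needs a volume mounted there
    export HELM_CACHE_HOME="$wd/helm/cache"     # Helm 3 repo index cache
    export HELM_CONFIG_HOME="$wd/helm/config"   # repositories.yaml (helm repo add)
    export HELM_DATA_HOME="$wd/helm/data"
    export TF_DATA_DIR="$wd/terraform"          # replaces ./.terraform
    cd "$wd/git"                # relative git clone targets land here
}

main() {
    wd=${DELEGATE_WORKDIR:?set DELEGATE_WORKDIR to the writable mount point}
    if ! mount_is_noexec "$wd"; then
        echo "$wd is not a noexec mount" >&2
        exit 1
    fi
    redirect_writes "$wd" || exit 1
    exec /opt/harness-delegate/start.sh
}

# Start the delegate only when asked to, so the functions can be sourced.
if [ "${1:-}" = "--start" ]; then
    main
fi
```

Terraform providers are executables that `terraform init` installs under its data directory, so they cannot be run from a noexec mount; that case needs separate handling.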