fix(kafka): seed named volumes from the image instead of nocopy #67
Merged
ContainerBuilder.withNamedVolume mounted volumes with VolumeOptions.withNoCopy(true), so a fresh data volume was never seeded from the image and stayed root-owned. Non-root images such as Redpanda cannot write to it and crash on startup (mkdir /var/lib/redpanda/data/crash_reports: Permission denied), so Managed Kafka clusters never reached ACTIVE. Apply nocopy only to read-only volumes, which are pre-populated and must not be overlaid by the image (e.g. Cloud Run GCS snapshots). Read-write data volumes (Kafka, Cloud SQL) are now seeded from the image, preserving the initialized directory and ownership. Verified: clusters reach ACTIVE in ~5s, and the Cloud Run read-only GCS volume mount is unchanged.
Summary

ContainerBuilder.withNamedVolume mounted named volumes with VolumeOptions.withNoCopy(true), so a fresh data volume was never seeded from the image and stayed root-owned. Non-root images such as Redpanda cannot write to it and crash on startup, so Managed Kafka clusters never reached ACTIVE.

Apply nocopy only to read-only volumes, which are pre-populated and must not be overlaid by the image (e.g. Cloud Run GCS snapshots). Read-write data volumes (Kafka, Cloud SQL) are now seeded from the image, preserving its initialized directory and ownership.

Type of change

fix:) feat:) feat!: or fix!:)

GCP Compatibility

No wire-protocol change. Fixed mkdir /var/lib/redpanda/data/crash_reports: Permission denied → Redpanda container exit → cluster stuck CREATING (the emulator's 90s readiness wait then timing out into "No route to host" against the dead container). Verified: clusters reach ACTIVE in ~5s, the Java/Node/Python/Go Managed Kafka compat suites pass, and the Cloud Run read-only GCS volume mount (and its unit test) are unchanged. Also benefits any other non-root read-write sidecar (e.g. Cloud SQL Postgres).

Checklist

./mvnw test passes locally (incl. CloudRunRuntimeServiceTest)
CloudRunRuntimeServiceTest + the compatibility suites)
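The rule in the summary above (nocopy only on read-only volumes) can be checked against running containers. This is an added example, not code from the pull request or the project: it audits records shaped like `docker inspect` output, assuming the containers were created through the mounts API so that `HostConfig.Mounts` carries `VolumeOptions.NoCopy`. The sample records, container names, users and the non-Redpanda paths are constructed.

```python
import json

# Constructed `docker inspect`-shaped records; names, users and paths are illustrative.
SAMPLE = json.loads("""[
 {"Name": "/kafka", "Config": {"User": "101:101"}, "HostConfig": {"Mounts": [
   {"Type": "volume", "Source": "kafka-data", "Target": "/var/lib/redpanda/data",
    "ReadOnly": false, "VolumeOptions": {"NoCopy": true}}]}},
 {"Name": "/cloudrun", "Config": {"User": "1000"}, "HostConfig": {"Mounts": [
   {"Type": "volume", "Source": "gcs-snapshot", "Target": "/mnt/gcs",
    "ReadOnly": true, "VolumeOptions": {"NoCopy": true}}]}},
 {"Name": "/cloudsql", "Config": {"User": "postgres"}, "HostConfig": {"Mounts": [
   {"Type": "volume", "Source": "pg-data", "Target": "/var/lib/postgresql/data",
    "ReadOnly": false}]}},
 {"Name": "/rootsvc", "Config": {"User": ""}, "HostConfig": {"Mounts": [
   {"Type": "volume", "Source": "root-data", "Target": "/data",
    "ReadOnly": false, "VolumeOptions": {"NoCopy": true}}]}}
]""")


def runs_as_root(user):
    """An empty Config.User means no USER was set, so the process runs as root."""
    uid = (user or "").split(":", 1)[0]
    return uid in ("", "0", "root")


def audit_volume_mounts(containers):
    """Return (container, target, issue) for mounts that contradict the rule above."""
    findings = []
    for c in containers:
        user = (c.get("Config") or {}).get("User", "")
        for m in (c.get("HostConfig") or {}).get("Mounts") or []:
            if m.get("Type") != "volume":
                continue  # bind and tmpfs mounts are never seeded from the image
            nocopy = bool((m.get("VolumeOptions") or {}).get("NoCopy"))
            read_only = bool(m.get("ReadOnly"))
            if nocopy and not read_only and not runs_as_root(user):
                findings.append((c["Name"], m["Target"],
                                 "rw volume is not seeded, non-root user may be unable to write"))
            elif read_only and not nocopy:
                findings.append((c["Name"], m["Target"],
                                 "ro volume lacks nocopy, an empty volume would be seeded from the image"))
    return findings


if __name__ == "__main__":
    for name, target, issue in audit_volume_mounts(SAMPLE):
        print(f"{name} {target}: {issue}")
```

Only the `/kafka` record is flagged; the read-only snapshot mount, the seeded Cloud SQL volume and the root-run container pass.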