Facing permissions issue for the openshift k8s pod logs for langflow backend end service #57
Description
Hi Team,
We have deployed the helm chart in Openshift Kubernetes. the sample yaml file provided below with connectivity to External Postgresql database.
Facing permissions issue for the openshift k8s pod logs for langflow backend end service as its trying to write the logs to the below folder /var/log/pods/. I tried to create a PVC and mount to the container as /var/log and tried changing the path of the LANGFLOW_LOG_FILE to a different path but it does not seem to work. please suggest
postgresql:
enabled: false
langflow:
backend:
resources:
requests:
cpu: 2000m
memory: 8Gi
image:
repository: langflowai/langflow
imagePullPolicy: IfNotPresent
tag: 1.5.0
externalDatabase:
enabled: true
driver:
value: "postgresql"
host:
value: "langflow-db-dev2-postgresql.langflow-dev.svc.cluster.local"
port:
value: "5432"
database:
value: "langflow_db"
user:
value: "langflow"
password:
valueFrom:
secretKeyRef:
key: "password"
name: "langflow-db-secret"
sqlite:
enabled: false
env:
- name: LANGFLOW_PORT
value: "7860"
- name: LANGFLOW_ALEMBIC_LOG_FILE
value: "/app/db/alembic.log"
- name: LANGFLOW_UPDATE_STARTER_PROJECTS
value: "false"
- name: LANGFLOW_CONFIG_DIR
value: "/app/logs"
- name: LANGFLOW_LOG_FILE
value: "/var/log/langflow_backend_service.log"
volumes:
- name: flows
persistentVolumeClaim:
claimName: langflow-dev-backend-flows-dir-pvc-rwx
- name: tmp
persistentVolumeClaim:
claimName: langflow-dev-backend-tmp-dir-pvc-rwx
- name: data
persistentVolumeClaim:
claimName: langflow-dev-backend-data-dir-pvc-rwx
- name: db
persistentVolumeClaim:
claimName: langflow-dev-backend-db-dir-pvc-rwx
- name: cache
persistentVolumeClaim:
claimName: langflow-dev-backend-cache-dir-pvc-rwx
- name: memory
persistentVolumeClaim:
claimName: langflow-dev-backend-memory-dir-pvc-rwx
- name: composio
persistentVolumeClaim:
claimName: langflow-dev-backend-composio-dir-pvc-rwx
- name: logs
persistentVolumeClaim:
claimName: langflow-dev-backend-logs-dir-pvc-rwx
- name: var-log
persistentVolumeClaim:
claimName: langflow-dev-backend-var-logs-dir-pvc-rwx
volumeMounts:
- name: flows
mountPath: /app/flows
readOnly: false
- name: tmp
mountPath: /tmp
readOnly: false
- name: data
mountPath: /app/data
readOnly: false
- name: db
mountPath: /app/db
readOnly: false
- name: cache
mountPath: /.cache
readOnly: false
- name: memory
mountPath: /.mem0
readOnly: false
- name: composio
mountPath: /.composio
readOnly: false
- name: logs
mountPath: /app/logs
readOnly: false
- name: var-log
mountPath: /var/log
readOnly: false
securityContext:
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
readOnlyRootFilesystem: false
runAsNonRoot: true
runAsUser: 1001480000
runAsGroup: 1001480000
allowPrivilegeEscalation: false
podSecurityContext:
runAsNonRoot: true
runAsUser: 1001480000
runAsGroup: 1001480000
fsGroup: 1001480000
seccompProfile:
type: RuntimeDefault
frontend:
enabled: true
replicaCount: 1
resources:
requests:
cpu: 1000m
memory: 8Gi
volumes:
- name: langflow-dev-frontend-tmp-dir
persistentVolumeClaim:
claimName: langflow-dev-frontend-tmp-dir-pvc-rwx
volumeMounts:
- name: langflow-dev-frontend-tmp-dir
mountPath: /tmp
readOnly: false
image:
repository: langflowai/langflow-frontend
imagePullPolicy: IfNotPresent
tag: 1.5.0
serviceAccount:
create: false
annotations: {}
name: "default"
securityContext:
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1001480000
allowPrivilegeEscalation: false
runAsGroup: 1001480000
podSecurityContext:
fsGroup: 1001480000
runAsUser: 1001480000
runAsNonRoot: true
runAsGroup: 1001480000
seccompProfile:
type: RuntimeDefault