28 lines
866 B
Bash
28 lines
866 B
Bash
#!/bin/bash
|
|
set -e
|
|
|
|
# Ensure /app/data is the only writable location for dexorder user
|
|
# All other directories should be read-only (enforced by k8s readOnlyRootFilesystem)
|
|
|
|
# Fix permissions on mounted volume (k8s may mount with different ownership)
|
|
if [ -d /app/data ]; then
|
|
# Check if we can write to /app/data - if not, something is wrong
|
|
if [ ! -w /app/data ]; then
|
|
echo "ERROR: /app/data is not writable by dexorder user"
|
|
exit 1
|
|
fi
|
|
else
|
|
echo "ERROR: /app/data does not exist"
|
|
exit 1
|
|
fi
|
|
|
|
# Ensure /app/config and /app/secrets are read-only (should already be via k8s mount)
|
|
for dir in /app/config /app/secrets; do
|
|
if [ -d "$dir" ] && [ -w "$dir" ]; then
|
|
echo "WARNING: $dir is writable but should be read-only"
|
|
fi
|
|
done
|
|
|
|
# Execute the main application
|
|
exec /opt/conda/envs/dexorder/bin/python /app/main.py "$@"
|