feat(ocis): Add writable /tmp volume to web deployment

Adds an emptyDir volume mounted at /tmp for the web deployment. This resolves 500 errors during POST/DELETE operations for branding logos, which require a writable temporary directory for multipart data spooling on a read-only root filesystem.
2026-05-03 03:25:18 +02:00 · 2026-05-03 03:25:18 +02:00 · cc1913b140
parent 122e03f3ec
commit cc1913b140
5 changed files with 29 additions and 3 deletions
--- a/prototypes/ocis/ytt/web-tmp-volume.ytt.yaml
+++ b/prototypes/ocis/ytt/web-tmp-volume.ytt.yaml
@ -0,0 +1,22 @@
+#@ load("@ytt:overlay", "overlay")
+
+#! Add a writable /tmp emptyDir to the web Deployment. Without it,
+#! POST/DELETE /branding/logo (multipart spool via os.CreateTemp on
+#! the read-only rootfs) returns 500.
+
+#@overlay/match by=overlay.subset({"kind": "Deployment", "metadata": {"name": "web"}})
+---
+spec:
+  template:
+    spec:
+      containers:
+        #@overlay/match by=overlay.subset({"name": "web"})
+        -
+          volumeMounts:
+            #@overlay/append
+            - name: tmp
+              mountPath: /tmp
+      volumes:
+        #@overlay/append
+        - name: tmp
+          emptyDir: {}
--- a/rendered/envs/production/ocis/configmap-auth-service.yaml
+++ b/rendered/envs/production/ocis/configmap-auth-service.yaml
@ -1,6 +1,6 @@
 apiVersion: v1
 data:
-  service-account-id: 6e0e0096-95c0-428e-802d-494cd15a70c2
+  service-account-id: 7745f1cb-6a58-4dff-a4cb-20ade610b272
 kind: ConfigMap
 metadata:
  annotations:
--- a/rendered/envs/production/ocis/configmap-graph.yaml
+++ b/rendered/envs/production/ocis/configmap-graph.yaml
@ -1,6 +1,6 @@
 apiVersion: v1
 data:
-  application-id: 0f44b6c4-08bf-40fd-92c4-fd20a5359244
+  application-id: a08019f1-31c0-463c-b995-1b0c2b3ec40a
 kind: ConfigMap
 metadata:
  annotations:
--- a/rendered/envs/production/ocis/configmap-storage-users.yaml
+++ b/rendered/envs/production/ocis/configmap-storage-users.yaml
@ -1,6 +1,6 @@
 apiVersion: v1
 data:
-  storage-uuid: 0960ac4f-5101-4abf-a28c-6b8202b505fd
+  storage-uuid: 513cedd1-91ec-4f97-b9d3-6db1c68ef6a2
 kind: ConfigMap
 metadata:
  annotations:
--- a/rendered/envs/production/ocis/deployment-web.yaml
+++ b/rendered/envs/production/ocis/deployment-web.yaml
@ -125,6 +125,8 @@ spec:
              name: apps
            - mountPath: /var/lib/ocis
              name: web-data
+            - mountPath: /tmp
+              name: tmp
      nodeSelector: {}
      securityContext:
        fsGroup: 1000
@ -140,3 +142,5 @@ spec:
        - name: web-data
          persistentVolumeClaim:
            claimName: web-data
+        - emptyDir: {}
+          name: tmp