Running a Flask service inside a read only container

9/25/2020

I am in the process of hardening our k8s infrastructure and would like to mount (read only) some microservices written in python exposing a REST API using flask.

Assuming the service does not ever write any files to disk (duh), will flask under any circumstances need write permissions on the filesystem inside the container? Does flask cache anything on the disk by default?

-- fabian
containers
docker
flask
kubernetes
python

1 Answer

9/25/2020

Assuming the service does not ever write any files to disk (duh), will flask under any circumstances need write permissions on the filesystem inside the container? Does flask cache anything on the disk by default?

Assuming your service will NOT write any files, my understanding is that you don't need write permissions and nothing additional will be written to disk. I will reproduce this and come back with results, but later.

Btw, while reading and investigating, I found a great article, "User privileges in Python containers", that explains the proper way of dealing with user permissions and the consequences of running as a non-root user.

-- Vit
Source: StackOverflow
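One way to check the question empirically from inside the running container, as an added example that is not part of the original question or answer: the probe below attempts a real file creation in each location a Python web process might write to and reports the outcome. The function names and the list of candidate directories are assumptions made for this illustration.

```python
import os
import sys
import tempfile


def is_writable(directory):
    """Return True only if a file can actually be created in `directory`.

    An actual create attempt is used instead of os.access(), because
    os.access() does not reflect a read-only mount when running as root.
    """
    try:
        fd, path = tempfile.mkstemp(dir=directory)
    except OSError:  # EROFS, EACCES, ENOENT and similar
        return False
    os.close(fd)
    os.unlink(path)
    return True


def candidate_dirs():
    """Locations worth probing (an assumed list for this example, not exhaustive)."""
    dirs = {"cwd": os.getcwd(), "home": os.path.expanduser("~"), "/tmp": "/tmp"}
    for name in ("TMPDIR", "TEMP", "TMP"):
        if os.environ.get(name):
            dirs["$" + name] = os.environ[name]
    return dirs


def probe(dirs=None):
    """Map each label to True (writable) or False (not writable)."""
    return {label: is_writable(path) for label, path in (dirs or candidate_dirs()).items()}


if __name__ == "__main__":
    for label, writable in probe().items():
        print(f"{label:10s} writable={writable}")
    # Python writes .pyc files on import unless this flag is set
    # (PYTHONDONTWRITEBYTECODE=1 or `python -B`).
    print("bytecode cache writes enabled:", not sys.dont_write_bytecode)
```

Run it in the container with the root filesystem mounted read-only: every entry that still reports `writable=True` is a location backed by a separate writable mount.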