Can InfluxDB2 be started with a pre-existing influx-configs file?

[stianlagstad]

I'd like to run InfluxDB2 in a docker container in Kubernetes, and I'd like to avoid having to manually setup a user. I do know from https://hub.docker.com/_/influxdb that it's possible to do this using environment variables, and I've made that work, but I'd like to do this using a kubernetes secret instead and mount that as the file /etc/influxdb2/influx-configs in the container.

I have this secret:

apiVersion: v1
kind: Secret
metadata:
  name: influxdb-org-user-auth-secret
stringData:
  influx-configs: |+
    [default]
      url = "http://localhost:8086"
      token = "token_token_token_token"
      org = "initial_organization"
      active = true

And I'm mounting it like this in my statefulset:

...
                volumeMounts:
                  - name: influxdb-org-user-auth
                    readOnly: true
                    mountPath: "/etc/influxdb2"
...
            volumes:
              - name: influxdb-org-user-auth
                secret:
                  secretName: influxdb-org-user-auth-secret

And this seems to work. If I go into the container I can see this:

I have no name!@influxdb-0:/$ cat /etc/influxdb2/influx-configs
[default]
  url = "http://localhost:8086"
  token = "token_token_token_token"
  org = "initial_organization"
  active = true

I can also see that it seems to be a symbolic link:

I have no name!@influxdb-0:/$ ls -ahl /etc/influxdb2/influx-configs
lrwxrwxrwx 1 root 20000 21 May  5 10:49 /etc/influxdb2/influx-configs -> ..data/influx-configs

However, if I port forward (kubectl -n observability port-forward influxdb-0 8086:8086) and open browser at http://localhost:8086 I'm redirected to http://localhost:8086/onboarding/0, which seems to indicate that my efforts failed.

Here are the initial logs of the influxdb container:

chmod: changing permissions of '/var/lib/influxdb2': Operation not permitted
chmod: changing permissions of '/etc/influxdb2': Read-only file system
2022-05-05T10:49:57.580064860Z    warn    boltdb not found at configured path, but DOCKER_INFLUXDB_INIT_MODE not specified, skipping setup wrapper    {"system": "docker", "bolt_path": ""}
ts=2022-05-05T10:49:57.703727Z lvl=info msg="Welcome to InfluxDB" log_id=0aGyIUml000 version=2.1.1 commit=657e1839de build_date=2021-11-09T03:03:48Z
ts=2022-05-05T10:49:57.707452Z lvl=info msg="Resources opened" log_id=0aGyIUml000 service=bolt path=/var/lib/influxdb2/influxd.bolt
ts=2022-05-05T10:49:57.707518Z lvl=info msg="Resources opened" log_id=0aGyIUml000 service=sqlite path=/var/lib/influxdb2/influxd.sqlite
ts=2022-05-05T10:49:57.708371Z lvl=info msg="Bringing up metadata migrations" log_id=0aGyIUml000 service="KV migrations" migration_count=18
ts=2022-05-05T10:49:57.797799Z lvl=info msg="Bringing up metadata migrations" log_id=0aGyIUml000 service="SQL migrations" migration_count=3
ts=2022-05-05T10:49:57.805939Z lvl=info msg="Using data dir" log_id=0aGyIUml000 service=storage-engine service=store path=/var/lib/influxdb2/engine/data
ts=2022-05-05T10:49:57.805974Z lvl=info msg="Compaction settings" log_id=0aGyIUml000 service=storage-engine service=store max_concurrent_compactions=8 throughput_bytes_per_second=50331648 throughput_bytes_per_second_burst=50331648
ts=2022-05-05T10:49:57.805986Z lvl=info msg="Open store (start)" log_id=0aGyIUml000 service=storage-engine service=store op_name=tsdb_open op_event=start
ts=2022-05-05T10:49:57.806024Z lvl=info msg="Open store (end)" log_id=0aGyIUml000 service=storage-engine service=store op_name=tsdb_open op_event=end op_elapsed=0.037ms
ts=2022-05-05T10:49:57.806043Z lvl=info msg="Starting retention policy enforcement service" log_id=0aGyIUml000 service=retention check_interval=30m
ts=2022-05-05T10:49:57.806049Z lvl=info msg="Starting precreation service" log_id=0aGyIUml000 service=shard-precreation check_interval=10m advance_period=30m
ts=2022-05-05T10:49:57.806082Z lvl=info msg="Starting query controller" log_id=0aGyIUml000 service=storage-reads concurrency_quota=1024 initial_memory_bytes_quota_per_query=9223372036854775807 memory_bytes_quota_per_query=9223372036854775807 max_memory_bytes=0 queue_size=1024
ts=2022-05-05T10:49:57.806839Z lvl=info msg="Configuring InfluxQL statement executor (zeros indicate unlimited)." log_id=0aGyIUml000 max_select_point=0 max_select_series=0 max_select_buckets=0
ts=2022-05-05T10:49:58.091674Z lvl=info msg=Listening log_id=0aGyIUml000 service=tcp-listener transport=http addr=:8086 port=8086
ts=2022-05-05T10:49:58.091705Z lvl=info msg=Starting log_id=0aGyIUml000 service=telemetry interval=8h

Should this be possible? If so, what am I missing? Thanks for reading!
(I've also posted this here: https://stackoverflow.com/questions/72126100/bootstrap-influxdb-2-in-a-docker-container-with-pre-existing-influx-configs-file)

[PauloJFCabral]

I have the same problem.

[raven-2014]

I have the same issue. I run influxdb on an UBUNTU server in docker. I like to use my Synology NAS as a persistent store for the influx database. The NAS directory is mounted and owned by root. It looks like the influxdb docker container always runs as user:1000. I guess, this combination creates the issue for me. I have not been able to figure out how to make it work (I am not a Linux expert, I have to admit). Any help is appreciated.
I have a similar constellation with Frigate, also using the NAS as persistent storage. Frigate runs as root though, and this works fine.

[strophy]

This problem might be related to this issue: kubernetes/kubernetes#62099

I don't think it's possible to set permissions on ConfigMaps and Secrets mounted as files, I was running into a similar error like chown: changing ownership of '/etc/influxdb2/config.yml': Read-only file system. Instead, use an initContainer to copy the ConfigMap/Secret to a file on another volume, then mount that volume into the target container like this simplified example using ConfigMaps:

    spec:
      containers:
        - envFrom:
            - configMapRef:
                name: influxdb-env
                optional: false
          image: influxdb:2.7.7
          imagePullPolicy: Always
          name: influxdb
          ports:
            - containerPort: 8086
              name: influxdb
              protocol: TCP
          readinessProbe:
            failureThreshold: 10
            httpGet:
              path: /ping
              port: 8086
              scheme: HTTPS
            initialDelaySeconds: 3
            periodSeconds: 30
            successThreshold: 1
            timeoutSeconds: 1
          volumeMounts:
            - mountPath: /etc/ssl/influxdb-selfsigned.crt
              name: influxdb-certs-volume
              readOnly: true
              subPath: tls.crt
            - mountPath: /etc/ssl/influxdb-selfsigned.key
              name: influxdb-certs-volume
              readOnly: true
              subPath: tls.key
            - mountPath: /etc/influxdb2/config.yml
              name: config-writable
              subPath: config.yml
            - mountPath: /var/lib/influxdb2
              name: influxdb-volume
      initContainers:
        - command:
            - sh
            - '-c'
            - cp /config/config.yml /config-writable/config.yml
          image: busybox
          imagePullPolicy: Always
          name: copy-influxdb-config
          volumeMounts:
            - mountPath: /config-writable
              name: config-writable
            - mountPath: /config/config.yml
              name: influxdb-config-volume
              subPath: config.yml