farhoodlabs/paperclip-adapter-claude-k8s
8
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix: mount shared PVC into write-prompt init container #12

Open
kkroo wants to merge 1 commits from kkroo/fix/init-container-data-mount into master
pull from: kkroo/fix/init-container-data-mount
merge into: farhoodlabs:master
Conversation 0 Commits 1 Files Changed 1
+5 -1
kkroo commented 2026-04-29 20:22:37 +00:00 (Migrated from github.com)
Copy Link
Copy Source

Problem

The `write-prompt` init container runs `mkdir -p /paperclip/instances/default/run-logs//` before the main `claude` container starts. The init container's `volumeMounts` only includes `prompt` (and `prompt-secret` on the large-prompt path); the shared `data` PVC mounted at `/paperclip` in the main container is missing.

So the mkdir tries to create `/paperclip` in the busybox overlay rootfs, where uid 1000 cannot write at `/`, and the Job fails before the main container ever runs:

```
mkdir: can't create directory '/paperclip/': Permission denied
```

Reproduced on kubeadm v1.35.3 / containerd 2.2.x / cephfs RWX with adapter v0.2.1 against `paperclip-adapter-claude-k8s@0.2.1` from npm.

Fix

Add `{ name: "data", mountPath: "/paperclip" }` to both branches of `initContainer.volumeMounts` (`useLargePromptPath` true and false) in `src/server/job-manifest.ts`. With the data mount in scope, the existing `mkdir -p /paperclip/.../run-logs/...` writes to the same shared PVC the main `claude` container reads from.

Verification

Reproduced the failure, applied the fix, and re-ran an end-to-end heartbeat against a real Paperclip control plane:

  • Without fix: pod `Init:Error`, init exit 1, `mkdir: can't create directory '/paperclip/': Permission denied`.
  • With fix: pod `Succeeded`, main container reaches the `claude` binary and exits cleanly.

The shared PVC is the same one the main container mounts (claim `paperclip-data`, RWX cephfs in our deployment), so no other manifest changes are needed.

Notes

  • I haven't added tests — the existing `job-manifest.test.ts` covers a lot of init-container shape but doesn't pin the mount list. Happy to add a test asserting both init branches include the `data` volumeMount if you'd prefer.
  • I didn't bump version — assumed maintainer prerogative for the release cadence.
  • The companion repo `paperclip-adapter-opencode-k8s` v0.1.38 is not affected — its init container only writes to `/tmp/prompt` and never touches `/paperclip`.
## Problem The \`write-prompt\` init container runs \`mkdir -p /paperclip/instances/default/run-logs/<companyId>/<agentId>\` before the main \`claude\` container starts. The init container's \`volumeMounts\` only includes \`prompt\` (and \`prompt-secret\` on the large-prompt path); the shared \`data\` PVC mounted at \`/paperclip\` in the main container is missing. So the mkdir tries to create \`/paperclip\` in the busybox overlay rootfs, where uid 1000 cannot write at \`/\`, and the Job fails before the main container ever runs: \`\`\` mkdir: can't create directory '/paperclip/': Permission denied \`\`\` Reproduced on kubeadm v1.35.3 / containerd 2.2.x / cephfs RWX with adapter v0.2.1 against \`paperclip-adapter-claude-k8s@0.2.1\` from npm. ## Fix Add \`{ name: "data", mountPath: "/paperclip" }\` to both branches of \`initContainer.volumeMounts\` (\`useLargePromptPath\` true and false) in \`src/server/job-manifest.ts\`. With the data mount in scope, the existing \`mkdir -p /paperclip/.../run-logs/...\` writes to the same shared PVC the main \`claude\` container reads from. ## Verification Reproduced the failure, applied the fix, and re-ran an end-to-end heartbeat against a real Paperclip control plane: - Without fix: pod \`Init:Error\`, init exit 1, \`mkdir: can't create directory '/paperclip/': Permission denied\`. - With fix: pod \`Succeeded\`, main container reaches the \`claude\` binary and exits cleanly. The shared PVC is the same one the main container mounts (claim \`paperclip-data\`, RWX cephfs in our deployment), so no other manifest changes are needed. ## Notes - I haven't added tests — the existing \`job-manifest.test.ts\` covers a lot of init-container shape but doesn't pin the mount list. Happy to add a test asserting both init branches include the \`data\` volumeMount if you'd prefer. - I didn't bump version — assumed maintainer prerogative for the release cadence. - The companion repo \`paperclip-adapter-opencode-k8s\` v0.1.38 is **not** affected — its init container only writes to \`/tmp/prompt\` and never touches \`/paperclip\`.
This pull request is broken due to missing fork information.
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin kkroo/fix/init-container-data-mount:kkroo/fix/init-container-data-mount
git checkout kkroo/fix/init-container-data-mount
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
bug
Something isn't working
 documentation
Improvements or additions to documentation
 duplicate
This issue or pull request already exists
 enhancement
New feature or request
 good first issue
Good for newcomers
 help wanted
Extra attention is needed
 invalid
This doesn't seem right
 question
Further information is requested
 wontfix
This will not be worked on
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
fl_blake (Blake MIddleware) cpfarhood (Chris Farhood) ci (Continuous Integration [bot]) flux (Flux CD) admin (Gitea Admin) fl_hugh (Hugh Commit) renovate (Mend Renovate) fl_warren (Warren Bufferpool)
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: farhoodlabs/paperclip-adapter-claude-k8s#12
Delete Branch "kkroo/fix/init-container-data-mount"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?