From a565f2e791017fbe916239e8e195e8b08e4bfb9f Mon Sep 17 00:00:00 2001
From: Robert Fratto <robert.fratto@grafana.com>
Date: Thu, 7 Jan 2021 19:15:10 -0500
Subject: [PATCH] don't mount /var/log as readonly (#314)

* don't mount /var/log as readonly

* update phrasing in changelog to explain what the issue was
---
 CHANGELOG.md                                         | 4 ++++
 production/kubernetes/agent-loki.yaml                | 1 -
 production/tanka/grafana-agent/v1/lib/loki.libsonnet | 5 +++--
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index ad26c4319075..76b41e71cf41 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,6 +13,10 @@ this platform. FreeBSD builds will return in a future release.
 - [BUGFIX] Integrations will now function if the HTTP listen address was set to
   a value other than the default. ([#206](https://github.com/grafana/agent/issues/206)) (@mattdurham) 
 
+- [BUGFIX] The default Loki installation will now be able to write its positions
+  file. This was prevented by accidentally writing to a readonly volume mount.
+  (@rfratto)
+
 # v0.9.1 (2021-01-04)
 
 NOTE: FreeBSD builds will not be included for this release. There is a bug in an
diff --git a/production/kubernetes/agent-loki.yaml b/production/kubernetes/agent-loki.yaml
index f147db311336..85a69ca59f8d 100644
--- a/production/kubernetes/agent-loki.yaml
+++ b/production/kubernetes/agent-loki.yaml
@@ -338,7 +338,6 @@ spec:
           name: grafana-agent-logs
         - mountPath: /var/log
           name: varlog
-          readOnly: true
         - mountPath: /var/lib/docker/containers
           name: varlibdockercontainers
           readOnly: true
diff --git a/production/tanka/grafana-agent/v1/lib/loki.libsonnet b/production/tanka/grafana-agent/v1/lib/loki.libsonnet
index 49aa57695efe..09d4c65b9d4a 100644
--- a/production/tanka/grafana-agent/v1/lib/loki.libsonnet
+++ b/production/tanka/grafana-agent/v1/lib/loki.libsonnet
@@ -67,8 +67,9 @@ local container = k.core.v1.container;
       container.mixin.securityContext.withRunAsUser(0),
 
     agent+:
-      // For reading docker containers
-      k.util.hostVolumeMount('varlog', '/var/log', '/var/log', readOnly=true) +
+      // For reading docker containers. /var/log is used for the positions file
+      // and shouldn't be set to readonly.
+      k.util.hostVolumeMount('varlog', '/var/log', '/var/log') +
       k.util.hostVolumeMount('varlibdockercontainers', '/var/lib/docker/containers', '/var/lib/docker/containers', readOnly=true) +
 
       // For reading journald