Deuxfleurs
/
garage
43
37
Fork 55
Code Issues 69 Pull Requests 4 Releases 29 Wiki Activity

No write permissions on the persistent volumes using the Helm chart on some storage class. #427

New Issue
Closed
opened 2022-11-18 18:55:41 +00:00 by 1 · 3 comments
1 commented 2022-11-18 18:55:41 +00:00
Copy Link

Hei,

I deployed garage on Kubernetes 1.25 (K3S) using the helm chart from the garage repository.

Using the K3S standard local-path storage class, the permissions of /mnt/meta and /mnt/data are both 777 and owned by root:root. garage runs with the user 1000 and it is able to write correctly.

However when using the openebs-zfspv storage class, the permissions are 755 still owned by root:root and garage cannot write.

I fixed the configuration problem by setting the following pod security context in the values.yaml file:

podSecurityContext:
  fsGroup: 1000
  fsGroupChangePolicy: OnRootMismatch

This may be necessary to put by default (I'm not sure about the fsGroupChangePolicy).

Also, checking the permissions could be done during startup to crash early, or also checked during the readyness check as discussed in the matrix channel.

Hei, I deployed garage on Kubernetes 1.25 (K3S) using the helm chart from the garage repository. Using the K3S standard `local-path` storage class, the permissions of `/mnt/meta` and `/mnt/data` are both `777` and owned by `root:root`. garage runs with the user `1000` and it is able to write correctly. However when using the `openebs-zfspv` storage class, the permissions are `755` still owned by `root:root` and garage cannot write. I fixed the configuration problem by setting the following pod security context in the `values.yaml` file: ```yaml podSecurityContext: fsGroup: 1000 fsGroupChangePolicy: OnRootMismatch ``` This may be necessary to put by default (I'm not sure about the `fsGroupChangePolicy`). Also, checking the permissions could be done during startup to crash early, or also checked during the readyness check as discussed in the matrix channel.
patrickjahns commented 2022-11-18 21:39:45 +00:00
Contributor
Copy Link

I've also stumpled onto this and added fixes in this PR: #425

Feel free to test and provide feedback on the pullrequest

I've also stumpled onto this and added fixes in this PR: https://git.deuxfleurs.fr/Deuxfleurs/garage/pulls/425 Feel free to test and provide feedback on the pullrequest
patrickjahns commented 2023-02-08 19:43:39 +00:00
Contributor
Copy Link

@1
Since #425 was merged, this should be resolved by now

@1 Since #425 was merged, this should be resolved by now
quentin commented 2023-03-13 14:22:48 +00:00
Owner
Copy Link

Closing for now, feel free to re-open if this issue is not solved

Closing for now, feel free to re-open if this issue is not solved
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
main
main-0.9.x
db-no-unsafe
main-0.8.x
k2v/shared_http_client
feat/website-redir
smithy2
test/compilation
poc/nomad-ci
test-ci-wait
pnet_datalink-0.33.0
optimal-layout
k2v-watch-range
db-debug-log
build-convert-db
demonstrate-cargo2nix-bug
dangerous/no-fsync
dev0.7.3
doc/benchmarks
bug/check_static
bucket-cors-more
storage-optimizations
old-main
v1.0.0
v0.9.4
v1.0.0-rc1
v0.8.7
v0.9.3
v0.9.2
v0.8.6
v0.9.2-rc1
v0.9.1
v0.8.5
v0.10.0-beta1
v0.9.0
v0.9.0-rc2
v0.9.0-rc1
v0.9.0-beta4
v0.9.0-beta3
v0.9.0-beta2
v0.8.4
v0.9.0-beta1
v0.8.3
v0.8.3-rc1
format_table-v0.1.1
format_table-v0.1.0
v0.8.2
v0.8.1
v0.8.0
v0.8.0-rc2
v0.8.0-rc1
v0.8.0-dangerous-no-fsync
v0.8.0-beta2-k2v
v0.8.0-beta2
v0.8.0-beta1-k2v
v0.8.0-beta1
v0.7.99.3-k2v
v0.7.3
v0.7.3-beta2
v0.7.3-beta1
v0.7.2.1
v0.7.2
v0.7.2_ci-test-2
v0.7.2+ci-test-version
v0.7.99.2-k2v
v0.7.99.1-k2v
v0.7.99-k2v
v0.7.2-k2v
v0.7.1-admin-k2v-2
v0.7.1-admin-k2v
v0.7.1-k2v
v0.7.1
v0.7.0
v0.7.0-rc1
v0.6.1
v0.6.0
v0.6.0-rc1
v0.5.1
v0.5.0.1
v0.5.0
v0.5-beta1
v0.4.0
v0.4-rc2
v0.4-rc1
0.4-beta
0.4-alpha
v0.3.0.2
v0.3.0.1
v0.3.0
v0.2.1.5
v0.2.1
v0.2.0
0.1.1b
0.1.1
0.1.0b
0.1.0
Labels
Clear labels   
AdminAPI

Issues concerning the administration API

  
Bug

   
Check AWS

The behaviour should be checked against AWS S3

  
CI

Issues with Nix, Drone, Rust Compiler, etc.

  
Correctness

Issues of theoretical correctness that may impact edge-case scenarios

  
Critical

   
Documentation

   
Ideas

For abstract ideas/proposal to make Garage better, to better communicate our not yet achieved aims

  
Improvement

   
Low priority

For issues that we don't want to spend time on until made absolutely necessary

  
Newcomer

A bug that should be newcomer friendly.

  
Performance

   
S3 Compatibility

   
Testing

   
Usability

Propositions to make Garage easier to operate, by improving error reporting, CLI, etc.

No Label
AdminAPI
Bug
Check AWS
CI
Correctness
Critical
Documentation
Ideas
Improvement
Low priority
Newcomer
Performance
S3 Compatibility
Testing
Usability
Milestone
Clear milestone
No items
No Milestone
Assignees
Clear assignees
No Assignees
3 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: Deuxfleurs/garage#427
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?