Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Insufficient permissions on volume for non-root containers #901

Closed
sereinity opened this issue Jun 23, 2021 · 5 comments
Closed

Insufficient permissions on volume for non-root containers #901

sereinity opened this issue Jun 23, 2021 · 5 comments
Assignees
@edreed

Comments

@sereinity
Copy link

What happened:

Pods crash at start because it can't create files in the new PVC.

I'm able to make the pod work by manually create a temporary pod, mounting, create files and changing ownership.

What you expected to happen:

I expect that the new CSI provisionner can work as a drop-in replacement of the kubernetes.io/azure-disk provisionner.

How to reproduce it:

Create a new cluster with aks version 1.21.1.

loki:
  persistence:
    enabled: true
    size: 15Gi
    storageClassName: default # switch to "managed" to make it work
helm upgrade --install --create-namespace --version 2.4.1 -n logging -f values.yml loki-stack grafana/loki-stack

Anything else we need to know?:

Environment:

  • CSI Driver version: v1.2.0 and v1.4.0
  • Kubernetes version (use kubectl version): Server Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.1", GitCommit:"ca992926ba9f76abd853859a64b5b04a1b562362", GitTreeState:"clean", BuildDate:"2021-05-19T22:29:12Z", GoVersion:"go1.16.4", Compiler:"gc", Platform:"linux/amd64"}
  • OS (e.g. from /etc/os-release):
  • Kernel (e.g. uname -a):
  • Install tools: helm v3.6.0
  • Others:
@edreed
Copy link
Collaborator

edreed commented Jun 23, 2021

I was able to reproduce the issue with the deploy/example/statefulset-nonroot.yaml example. I found a related issue in kubernetes-sigs/vsphere-csi-driver#370 and tried the workaround of explicitly setting the fstype parameter in the StorageClass to ext4. This worked for me. @sereinity Can you give this a try and report back whether this works for you?

@edreed
Copy link
Collaborator

edreed commented Jun 23, 2021

/assign

@andyzhangx
Copy link
Member

this issue could be related to fsGroupPolicy, which is only supported from 1.20, and you need to run following command to support fsGroupPolicy: https://github.com/kubernetes-sigs/azuredisk-csi-driver/tree/master/deploy/example/fsgroup#option2-enable-fsgrouppolicy-support-on-a-cluster-with-csi-driver-already-installed

When minimum supported k8s version is 1.20, we will enable fsGroupPolicy feature by default.

@edreed
Copy link
Collaborator

edreed commented Jun 24, 2021

@andyzhangx Thanks! Enabling fsGroupPolicy also worked for me.

@sereinity
Copy link
Author

Thank you @edreed , @andyzhangx I confirm that both enabling fsGroupPolicy or explicitly setting fstype worked for me.

@andyzhangx andyzhangx mentioned this issue Jun 25, 2021
Closed
@andyzhangx andyzhangx mentioned this issue Jul 23, 2021
Closed
@andyzhangx andyzhangx mentioned this issue Aug 7, 2021
Closed
@andyzhangx andyzhangx mentioned this issue Oct 7, 2022
Closed
@andyzhangx andyzhangx mentioned this issue Apr 1, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@edreed edreed

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@sereinity @andyzhangx @edreed