storageClassName and permissions

Anil_G · August 8, 2018, 11:57pm

What should be the storageClassName in my volumeClaimTemplates?

Looks like it cannot be empty. I tried RBD that failed to provision the PVC because its an unknown type in replicated. I tried “default” now but pods aren’t coming up.

As per replicated doc, it suggested we don’t have to make any changes in our yaml and replicated would set its custom storageClass automatically. But I see its not changed after deployment as “kubectl describe pvc” shows its of type default only.

My pods aren’t coming up because of permission issues as shown below. Our containers run as user 1010 so can you please suggest the appropriate configuration for PVCs in replicated?

Caused by: java.nio.file.AccessDeniedException: /var/data/elasticsearch/nodes

Anil_G · August 9, 2018, 11:07pm

Ok. I found the solution.

I had to add the securityContext under the template.spec of my statefulset definition. And fsGroup was the key addition that needs to match the userID. This sets the permissions on the associated volume without which user 1010 will not have access to the PVs as seen earlier.

  securityContext:

    runAsUser: 1010

    fsGroup: 1010

Topic		Replies	Views
Using Kubernetes Local Persistent Volumes Packaging an application	0	1193	March 12, 2020
Ceph PersistentVolumeClaim Resizing Packaging an application	0	1005	March 24, 2020
Authenticating Job pods to private registry How do I?	2	235	September 18, 2022
How to resolve Longhorn volume attachments errors after a reboot of a node? How do I? kurl , storage , longhorn	3	1070	May 2, 2023
Flexvolume creates deadlock and Deployment enters into Crashloopbackoff on node reboot Packaging an application	4	676	July 29, 2020

storageClassName and permissions

Related Topics