NetApp / trident

Storage orchestrator for containers
Apache License 2.0

UID and GID of existing files in PVCs are reset to 99 #797

Closed philipp1992 closed 2 weeks ago

philipp1992 commented 1 year ago

Hi,

all our existing NFS PVCs have reset the UID and GID of all files and directories to 99 instead of the UID of the container user. This leads to the issue that existing files cannot be written from the container.


New files, however, have the correct UID and GID.

OpenShift is using arbitrary user IDs and our deployments don't use any security context to change mounted PVCs' permissions.

What could have caused this?

Kind regards, Philipp

Setup: OpenShift 4.10 with Kubernetes v1.23.12+8a6bfe4, Red Hat Enterprise Linux CoreOS 410, Trident 22.01.0

Storageclass:

apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: file-no-backup
provisioner: csi.trident.netapp.io
parameters:
  backendType: ontap-nas-economy
  selector: netapp=xxx-xxxx-trident0
reclaimPolicy: Delete
allowVolumeExpansion: true
volumeBindingMode: Immediate

Trident backend:

config:
  ontap_config:
    nfsMountOptions: vers=4.1
    qtreesPerFlexvol: ''
    igroupName: ''
    trustedCACertificate: ''
    replicationSchedule: ''
    managementLIF: 10.0.3.25
    clientPrivateKey: 'secret:tbe-xxxx'
    chapUsername: ''
    svm: S-MU40-trident0
    lunsPerFlexvol: ''
    chapInitiatorSecret: ''
    clientCertificate: ''
    zone: ''
    storagePrefix: {}
    storageDriverName: ontap-nas-economy
    defaults:
      size: 1G
      encryption: 'false'
      mirroring: 'false'
      splitOnClone: 'false'
      fileSystemType: ext4
      exportPolicy: default
      spaceAllocation: 'true'
      qosPolicy: ''
      snapshotDir: 'false'
      adaptiveQosPolicy: ''
      securityStyle: unix
      tieringPolicy: ''
      snapshotPolicy: none
      spaceReserve: none
      snapshotReserve: ''
      unixPermissions: '---rwxrwxrwx'
    debug: false
    disableDelete: false
    region: ''
    autoExportPolicy: false
    qtreePruneFlexvolsPeriod: ''
    debugTraceFlags: null
    limitVolumeSize: ''
    username: 'secret:tbe-fxxxxx'
    serialNumbers: []
    emptyFlexvolDeferredDeletePeriod: ''
    version: 1
    chapTargetInitiatorSecret: ''
    usageHeartbeat: ''
    useCHAP: false
    useREST: false
    chapTargetUsername: ''
    storage: null
    password: 'secret:tbexxxxx'
    supportedTopologies: null
    credentials: null
    autoExportCIDRs:
      - 0.0.0.0/0
      - '::/0'
    limitAggregateUsage: ''
    replicationPolicy: ''
    qtreeQuotaResizePeriod: ''
    aggregate: ''
    dataLIF: 10.0.3.25
    backendName: ''
    labels:
      netapp: x-xxx-trident0
backendUUID: xxx
metadata:
  generateName: tbe-
  resourceVersion: '2287635512'
  name: tbe-l6bbh
state: online
configRef: ''
online: true
kind: TridentBackend
version: '1'
apiVersion: trident.netapp.io/v1
backendName: ontapnaseco_10.0.3.25

sjpeeris commented 2 weeks ago

@philipp1992 Please let us know if this issue still exists. If this has been resolved, please close the issue.

sjpeeris commented 2 weeks ago

Closing. Please re-open if you notice this issue with newer versions of Trident.