Permission denied in minikube cockroachdb cluster

[gonzojive]

I followed the official instructions for a local kubernetes cluster. It worked.

I then tried to use a persistent volume for the database data. The cockroachdb pods fail to start with the following error message:

++ expr 8192 / 4
++ expr 8192 / 4
+ exec /cockroach/cockroach.sh start --join=blahcockroachdb-0.blahcockroachdb.default:26258,blahcockroachdb-1.blahcockroachdb.default:26258,blahcockroachdb-2.blahcockroachdb.default:26258 --advertise-host=blahcockroachdb-1.blahcockroachdb.default --certs-dir=/cockroach/cockroach-certs/ --http-port=8080 --sql-addr=:26257 --listen-addr=:26258 '--log={sinks: {stderr: {channels: [OPS, HEALTH], redact: true}}}' --cache 2048MiB --max-sql-memory 2048MiB
unable to GC log files: open /cockroach/cockroach-data/logs: permission denied

I believe https://github.com/kubernetes/minikube/issues/1990 is causing the permission denied error because the mounted persistent volume is not writable by user 1000581000 despite fsGroup being set to 1000581000 for the volume.

A workaround might be to modify the operator to chown or chgrp the /cockroach/cockroach-data directory appropriately.

https://github.com/cockroachdb/cockroach-operator/blob/c133bd007e0ee9e6a0bc25f408943c5200188b71/pkg/resource/statefulset.go#L46

[noguchitoshi]

Hi, are you supplying a different persistent volume than the one that is automatically used?

[gonzojive]

Yes. It seems to only happen using a volume mounted using minikube mount.

On Mon, May 23, 2022 at 9:47 AM noguchitoshi @.***> wrote:

Hi, are you supplying a different persistent volume than the one that is automatically used?

— Reply to this email directly, view it on GitHub https://github.com/cockroachdb/cockroach-operator/issues/897#issuecomment-1134906952, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAAUO55MKE3XFC5MGFSRVFLVLOZA7ANCNFSM5V5ZC5SA . You are receiving this because you authored the thread.Message ID: @.***>