Permission issue on OpenShift during sync using `devspace dev`

[tompatib]

What happened?
We are migrating to OpenShift from a vanilla K8s where we are using DevSpace. We have tweaked the Dockerfile.devspace to use a non-root user. Build and deployment works perfectly but fails on initial sync as DevSpace tries to change the permission (chmod & chtimes). Related issue: #1898

What did you expect to happen instead?
We should be able to remote and sync normally as on the vanilla K8s cluster.

How can we reproduce the bug? (as minimally and precisely as possible)

My devspace.yaml:

version: v1beta10
...

Using devspace dev we have this:

[0:sync] Downstream - Initial sync completed [0:sync] Helper - Error touching Path:"/MyApp/foo-bar.cs" MtimeUnix:1647865271 Mode:511: chtimes /app/src/MyApp/foo-bar.cs: operation not permitted [0:sync] Helper - Error chmod Path:"/MyApp/foo-bar.cs" MtimeUnix:1647865271 Mode:511: chmod /app/src/MyApp/foo-bar.cs: operation not permitted

... same for all files

[0:sync] Upstream - Upload 7 create change(s) (Uncompressed ~20.75 KB) [0:sync] Upstream - Successfully processed 7 change(s) [0:sync] Upstream - Restarting container [0:sync] Upstream - Initial sync completed [info] Opening 'http://localhost:5000' as soon as application will be started (timeout: 4m0s) [info] Starting log streaming [myapp-username:myapp] Start streaming logs for ns-devspace/myapp-username-7c7b9774b9-rjj5r/myapp

[myapp-username:myapp] ############### Restart container ############### [myapp-username:myapp] [myapp-username:myapp] Killed [myapp-username:myapp] /usr/share/dotnet/sdk/6.0.202/Microsoft.Common.CurrentVersion.targets(4830,5): error MSB3374: The last access/last write time on file "/app/src/MyApp/obj/Debug/net6.0/MyProject.csproj.CopyComplete" cannot be set. Access to the path '/app/src/MyProject/obj/Debug/net6.0/MyProject.csproj.CopyComplete' is denied. [/app/src/MyProject/MyProject.csproj] [myapp-username:myapp] [myapp-username:myapp] The build failed. Fix the build errors and run again.

Local Environment:

• DevSpace Version: 5.18.4
• Operating System: WSL Ubuntu 18.04
• ARCH of the OS: AMD64 Kubernetes Cluster:
• Cloud Provider: OpenShift 4.9.23 on prem
• Kubernetes Version: 1.22

Anything else we need to know?
Do you have any hints or guides to use it on RHOS? What user DevSpace is trying to perform the actions? We have a non-root user with permission 775 to the /app folder.

/kind bug

[FabianKramm]

@tompatib thanks for creating this issue! DevSpace uses the same user as the container has specified for syncing files and folders. Its essentially taring the local files and folders, tries to keep the user and permissions locally and then applies them in the container. Usually we recommend during development to use root as a user, but I believe OpenShift is not permitting that. Doeskubectl cp work for those files, because thats essentially what DevSpace is doing behind the scenes.

[JRosa316]

Is there a way to get around this currently as OpenShift does not support root containers?

[tompatib]

@FabianKramm, we could make this work. Checking on your suggestion the kubectl cp was working as expected, but it always failed when DevSpace tried to do the chmod and chtimes command.

As OpenShift doesn't allow root user on the containers we have defined an appuser but the default UID (1000) didn't match with the UID range of the namespace (project in RHOS), it was like 1000XX0000.

To solve this:

• we have changed the UID range on the project (to support alpine images - not necessary otherwise)

• explicitly defined the UID for the appuser in the DevSpace's dockerfile

• gave the same permission for the source folder

When everything is right on the deployed pod you can see this:

This issue is good to close from my side.