search

informatics-lab / s3-fuse-flex-volume

A Kubernetes flex volume driver for a custom s3 fuse adapter
BSD 3-Clause "New" or "Revised" License
31 stars 11 forks source link

Permisions denied usng informaticslab/goofys-flex-volume #16

Open guysoft opened 4 years ago

guysoft commented 4 years ago

Hey, Trying to use this chart, installed as provided in the README. 

helm install --namespace kube-system s3-fuse-deployer s3-fuse-flex-volume

Then created a deployment with a volume:

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/name: selenium
  name: selenium
spec:
  replicas: 2
  selector:
    matchLabels:
      app.kubernetes.io/name: selenium
  template:
    metadata:
      labels:
        app.kubernetes.io/name: selenium
    spec:
      volumes:
      - name: goofys-mybucket
        flexVolume:
          driver: "informaticslab/goofys-flex-volume"
          options:
          # Required
          bucket: "xxxxxxxxxxxxxxx-eu"
          # Optional
          dirMode: "0755"
          fileMode: "0644"
          # uid: "501"
          # gid: "20"
          # subPath: "key/prefix"
          # endpoint: "s3.not-aws.com"
          # debug_s3: false
          # region: "us-east-1"
          access-key: "xxxxxxxxxxxxxxxxxxxx"
          secret-key: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
      containers:
      - image: XXXXXXX/selenium
        name: selenium
        imagePullPolicy: Always
        tty: true
        volumeMounts:
        - name: goofys-mybucket
          mountPath: /s3/mybucket

Also tried with and without dirMode/fileMode.

To run the deployment I also had to include --validate=false Because otherwise I get:

error: error validating "selenium-s3.yaml": error validating data: [ValidationError(Deployment.spec.template.spec.volumes[1].flexVolume): unknown field "access-key" in io.k8s.api.core.v1.FlexVolumeSource, ValidationError(Deployment.spec.template.spec.volumes[1].flexVolume): unknown field "bucket" in io.k8s.api.core.v1.FlexVolumeSource, ValidationError(Deployment.spec.template.spec.volumes[1].flexVolume): unknown field "dirMode" in io.k8s.api.core.v1.FlexVolumeSource, ValidationError(Deployment.spec.template.spec.volumes[1].flexVolume): unknown field "fileMode" in io.k8s.api.core.v1.FlexVolumeSource, ValidationError(Deployment.spec.template.spec.volumes[1].flexVolume): unknown field "secret-key" in io.k8s.api.core.v1.FlexVolumeSource]; if you choose to ignore these errors, turn validation off with --validate=false

If I bring it up and try to run ls I get "Permisions denied" to the volume, even as root.

What can I do to fix this? Running with EKS 1.15.

solovyevt commented 4 years ago

@guysoft As it clearly stated in the error message, section starting from # Required has wrong indentation. It should look something like this:

...
flexVolume:
  driver: "informaticslab/goofys-flex-volume"
  options:
    # Required
    bucket: "xxxxxxxxxxxxxxx-eu"
    # Optional
    dirMode: "0755"
    fileMode: "0644"
    # uid: "501"
    # gid: "20"
    # subPath: "key/prefix"
    # endpoint: "s3.not-aws.com"
    # debug_s3: false
    # region: "us-east-1"
    access-key: "xxxxxxxxxxxxxxxxxxxx"
    secret-key: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
...
guysoft commented 4 years ago

Hey, moved to use kube-s3 in the meantime. I can't really touch the current setup, so I can't really reproduce anymore. Should I close this?