Open pwschuurman opened 4 months ago
This issue is currently awaiting triage.
SIG Docs takes a lead on issue triage for this website, but any Kubernetes member can accept issues by applying the triage/accepted label.
The triage/accepted label can be added by org members by writing /triage accepted in a comment.
If that ftn returns false, then I think we fall back to the kubelet fsgroup policy which will apply it for RWX volumes: https://github.com/kubernetes/kubernetes/blob/9e2075b3c87061d25759b0ad112266f03601afd8/pkg/volume/csi/csi_mounter.go#L335 ?
I think it's driver dependent. Fsgroup will only be honoured for RWX volumes if the driver supports VOLUME_MOUNT_GROUP. By default for unsupported drivers the Kubelet fsgroup will only be applied if that function (supportsFSGroup) returns true (and the function returns false if the PVC isn't RWO).
Hmm. I thought I'd seen problems for fsgroup on nfs volumes, though.
Oh, but if a driver advertises, eg, a File access mode then fsgroup will apply: https://kubernetes-csi.github.io/docs/support-fsgroup.html.
/language en
> Oh, but if a driver advertises, eg, a File access mode then fsgroup will apply: https://kubernetes-csi.github.io/docs/support-fsgroup.html.

Yes, I think that's the only way that non-RWO volumes can support fsgroup, by delegating to a (supported) CSI driver.
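
Added example, not part of the original thread and not kubelet source: a simplified Go model of the decision the comments above describe, showing when a pod's fsGroup is applied by the kubelet, delegated to the CSI driver, or silently ignored. The names `Driver`, `Volume` and `FSGroupHandling` are hypothetical; the policy strings are the CSIDriver `fsGroupPolicy` values, and the filesystem-type requirement is taken from the `ReadWriteOnceWithFSType` policy name.

```go
package main

import "fmt"

// Simplified model (an assumption, not kubelet source) of how a pod's
// securityContext.fsGroup is handled for a CSI-backed PersistentVolume.
type Driver struct {
	FSGroupPolicy    string // CSIDriver spec.fsGroupPolicy: "None", "File" or "ReadWriteOnceWithFSType"
	VolumeMountGroup bool   // driver advertises the VOLUME_MOUNT_GROUP node capability
}

type Volume struct {
	AccessModes []string // PV access modes, e.g. "ReadWriteOnce", "ReadWriteMany"
	FSType      string
}

// FSGroupHandling returns who applies fsGroup: "driver", "kubelet" or "ignored".
func FSGroupHandling(fsGroup *int64, v Volume, d Driver) string {
	if fsGroup == nil {
		return "ignored"
	}
	if d.VolumeMountGroup {
		return "driver" // delegated to the CSI driver, any access mode
	}
	switch d.FSGroupPolicy {
	case "None":
		return "ignored"
	case "File":
		return "kubelet" // applied regardless of access mode
	}
	// Default policy: needs a filesystem type and a ReadWriteOnce access mode.
	if v.FSType == "" {
		return "ignored"
	}
	for _, m := range v.AccessModes {
		if m == "ReadWriteOnce" {
			return "kubelet"
		}
	}
	return "ignored" // e.g. an RWX-only volume: fsGroup is silently not applied
}

func main() {
	gid := int64(2000) // constructed sample values
	rwx := Volume{AccessModes: []string{"ReadWriteMany"}, FSType: "ext4"}
	fmt.Println(FSGroupHandling(&gid, rwx, Driver{FSGroupPolicy: "ReadWriteOnceWithFSType"}))
	fmt.Println(FSGroupHandling(&gid, rwx, Driver{FSGroupPolicy: "File"}))
}
```

The "ignored" result for an RWX-only volume is the case to check for when a workload relies on fsGroup for group access to shared data.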
/sig storage
/lifecycle stale
/lifecycle rotten
This is a Feature Request
What would you like to be added
Enhance the documentation around volume permissions and ownership change policy for Pods. In the documentation the fsgroup setting is not explicitly defined as only supporting ReadWriteOnce volumes. In the CSI mounter code, fsgroup is ignored if the AccessMode for a PVC is not ReadWriteOnce. This request is to enhance the documentation by adding a note stating this setting is ignored in RWX mode.
Why is this needed
This would clarify the use of the fsgroup setting for RWX volumes
Comments