issues
search
noobaa
/
noobaa-operator
Operator for NooBaa - object data service for hybrid and multi cloud environments :cloud: :wrench:
https://www.noobaa.io
Apache License 2.0
102
stars
99
forks
source link
Fix for mount permissions on the agents PV
#1356
Closed
dannyzaken
closed
4 months ago
dannyzaken
commented
4 months ago
Explain the changes
Fix for mount permissions
For some reason, the changes in #1340 caused the PV to be mounted without write permissions for GID 0 and be owned by root user.
Added fsGroup 0 to the agent pod. This adds
w
permission to the mount for the owning GID 0 and provides write access to the agent process.
Also moved
allowPrivilegeEscalation
in the DB sts to the container security context
This setting can only be set in the container security context, not the pod security context. (see
here
)
Issues: Fixed #xxx / Gap #xxx
Fixes
https://bugzilla.redhat.com/show_bug.cgi?id=2278120
Testing Instructions:
Create a pv pool on an openshift cluster
Make sure it runs successfully
The issue is not reproducible on minikube\rancher, since the pv is mounted there with
777
[ ] Doc added/updated
[ ] Tests added
Explain the changes
wpermission to the mount for the owning GID 0 and provides write access to the agent process.allowPrivilegeEscalationin the DB sts to the container security contextIssues: Fixed #xxx / Gap #xxx
Testing Instructions:
777