rancher / local-path-provisioner

Dynamically provisioning persistent local storage with Kubernetes
Apache License 2.0

Permission error when provisioning a PVC #282

Closed jvenhuizen closed 1 year ago

jvenhuizen commented 1 year ago

OpenShift 4.10 SNO CoreOS 410.84.202211140926-0 (Ootpa)

When I attempt to create a PVC with the local-path-provisioner I receive the following error:

mkdir: can't create directory '/opt/local-path-provisioner/pvc-1b8861df-d48a-4701-b8fe-2f7cf878e3fa_test': Permission denied

I have verified that the /opt/local-path-provisioner exists and the path is read-write for all users.

Any suggestions or any requests for more information I can provide are appreciated.

jvenhuizen commented 1 year ago

Is there any other information I can provide to help troubleshoot this issue?

jperera-interloc commented 1 year ago

Hi Jason:

I could successfully bypass the problem with creating the PVC by using a privileged SecurityContext on the helper-pod:

      containers:
      - name: helper-pod
        image: busybox
        imagePullPolicy: IfNotPresent
        securityContext:
          privileged: true   

However, later when the actual Pods that need access to the PVC are scheduled and executed, they are not able to create files and folders inside the Node Filesystem. So that was not a solution. Making the "user" Pods privileged (or granting them some of the apparently required SCCs) may not be a feasible option either.

This issue may be related to https://github.com/rancher/local-path-provisioner/issues/283.

For now, I'm using a local NFS (privileged) server (image: k8s.gcr.io/volume-nfs:0.8) on the SNO install that effectively decouples FileSystem Security from clients, and that, combined with the standard NFS provisioner (for Dynamic Provisioning), is working well in an SNO scenario. Although this 'local-path-provisioner' approach looked simpler and more "promising" initially.

Thanks

Julio.

derekbit commented 1 year ago

> OpenShift 4.10 SNO CoreOS 410.84.202211140926-0 (Ootpa)
>
> When I attempt to create a PVC with the local-path-provisioner I receive the following error:
>
> mkdir: can't create directory '/opt/local-path-provisioner/pvc-1b8861df-d48a-4701-b8fe-2f7cf878e3fa_test': Permission denied
>
> I have verified that the /opt/local-path-provisioner exists and the path is read-write for all users.
>
> Any suggestions or any requests for more information I can provide are appreciated.

@jvenhuizen Sorry, not familiar with OpenShift. Can you provide the information

I'm wondering whether it is related to an SELinux setting. Any clues in dmesg or syslog?
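
The SELinux question in the comment above can be answered by looking for AVC denials raised by the helper pod's `mkdir`. The following is an added example, not part of the thread or of the project's code: the log lines are constructed in the audit/dmesg AVC format, and the `container_t` and `usr_t` type names in them are assumed sample values.

```python
import re

# Constructed sample lines in audit/dmesg AVC format; none come from the issue.
# The container_t and usr_t types are assumed sample values.
SAMPLE_LOG = """\
type=AVC msg=audit(1670000000.123:456): avc:  denied  { write } for  pid=4242 comm="mkdir" name="local-path-provisioner" dev="sda4" ino=1234 scontext=system_u:system_r:container_t:s0:c12,c34 tcontext=system_u:object_r:usr_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1670000001.500:457): avc:  denied  { read } for  pid=900 comm="sshd" name="shadow" dev="sda4" ino=99 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1670000000.123:456): arch=c000003e syscall=83 success=no exit=-13 comm="mkdir"
audit: type=1400 audit(1670000002.000:458): avc:  denied  { add_name } for  pid=4250 comm="mkdir" name="pvc-example_test" scontext=system_u:system_r:container_t:s0:c12,c34 tcontext=system_u:object_r:usr_t:s0 tclass=dir permissive=1
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the fields of one AVC denial, or None for any other line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    rec["perms"] = m.group("perms").split()
    # A context is user:role:type:level; the type field drives the decision.
    for key, short in (("scontext", "stype"), ("tcontext", "ttype")):
        parts = rec.get(key, "").split(":")
        rec[short] = parts[2] if len(parts) > 2 else ""
    # permissive=1 means the denial was only logged, not enforced.
    rec["enforced"] = rec.get("permissive") == "0"
    return rec


def provisioning_denials(log_text, comm="mkdir", tclass="dir"):
    """Keep denials raised by the given command against directories."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec and rec.get("comm") == comm and rec.get("tclass") == tclass:
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for d in provisioning_denials(SAMPLE_LOG):
        state = "blocked" if d["enforced"] else "logged only"
        print(f'{d["comm"]} {d["perms"]} on {d["name"]}: {d["stype"]} -> {d["ttype"]} ({state})')
```

An enforced denial whose source type is the container's and whose target type is the host directory's points at labeling rather than file mode bits, which would fit a path that is read-write for all users yet still refuses `mkdir`.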

derekbit commented 1 year ago

@jvenhuizen Fixed in https://github.com/rancher/local-path-provisioner/pull/295. Will release 0.0.24 soon. Many thanks.