Wiki Update(?): Setting up Turbonomic on IBM Cloud Kubernetes Service (IKS)

[rohanarora]

While setting up Turbonomic on IKS one may witness a few Turbonomic pods reporting CrashloopBackOff, logging the following lines as an example:

mkdir: cannot create directory '/consul/data/raft': Permission denied

This is because the default storage class for IKS is ibmc-file-bronze that does not allow other non-root users to write to the mounted storage

[rohanarora]

To resolve this, use one of the following storage classes instead of the default ibmc-file-bronze:

1. gid file storage class Documentation here
2. block storage class Documentation here

When using gid storage class one needs to set securityContext.fsGroup. The following is an example of a custom resource YAML to be used on IKS:

# Based on https://github.com/turbonomic/t8c-install/blob/master/operator/deploy/crds/charts_v1alpha1_xl_cr.yaml
apiVersion: charts.helm.k8s.io/v1
kind: Xl
metadata:
  name: xl-release
spec:
  global:
    repository: turbonomic
    tag: 8.4.5
    storageClassName: ibmc-file-bronze-gid
    securityContext:
      fsGroup: 65531

The value 65531 is the default group ID for the following storage classes:

• ibmc-file-bronze-gid
• ibmc-file-silver-gid
• ibmc-file-gold-gid

Block storage classes do not need n securityContext.fsGroup to be set.

[esara]

hi @rohanarora I ran into the same issue a while ago, but in my case I followed the IBM documentation at https://cloud.ibm.com/docs/containers?topic=containers-cs_storage_nonroot and used the

spec:
  global:
    storageClassName: ibmc-file-bronze-gid
    securityContext:
      fsGroup: 65531

configuration in the custom resource

[rohanarora]

Thanks @esara. Yes and that is what I documented in a way via the comment here

[esara]

sorry, I was reading the original question only

[rohanarora]

Aha. I see. No problem at all. Wondering if this has a home in the Wiki or we could leave it here as well. Feel free to close this issue. Thank you both, @esara and @evat-pm!