New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The PV created by rookceph cannot be written to the mounted pod, but the write permission is given #13998
Comments
@ywd1988 which pv you are pointing to? |
The PV pod created by rookceph has root privileges but no write privileges |
@ywd1988 you need to add securityContext to the pod as i mentioned here ceph/ceph-csi#3342 (comment) |
|
Please provide the PVC and Pod yaml you are using , what version of Rook/kubernetes you are using? |
kind: Pod pvc:kind: PersistentVolumeClaim |
i dont see anything like below or similar to it in above pod yaml, the securityContext is empty above apiVersion: v1
kind: Pod
metadata:
name: csicephfs-demo-pod
spec:
securityContext:
fsGroup: 1000
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true
containers:
- name: web-server
image: busybox
command: ["sleep", "60000"]
volumeMounts:
- name: mypvc
mountPath: /var/lib/www/html
securityContext:
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true |
kind: Pod |
spec:
securityContext:
fsGroup: 1000
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true Can you add fsGroup at the pod level as well? |
Not Supported |
what version of kubernetes and Rook you are using? |
rook:1.13.7 kubernetes:1.26.12 |
AFAIK it is supported in kubernetes 1.26 https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod , can you please check |
That could be because my kubesphere 3.4.1 does not support it |
I manually set write permissions in the pod, which is also possible |
The PV created by rookceph cannot be written to the mounted pod, but the write permission is given
The text was updated successfully, but these errors were encountered: