Having to add privileged:true in osd deployment spec for blkdevmapper to fix permission denied #9186
Comments
This may be fixed by #9158 that just merged. Can you test with the latest test image
Ah, just noticed you're already using that image. @Omar007 is
I'll give that version a shot later but at the time of the PR, it solved it on my end. So unless I've missed a different permission that is also relevant or it somehow wasn't granted, it should be working 🤔 @mikementzmaersk Is there any output/logging available? Or is it the exact same as in #9156?
Hi What I did note though was that the MKNOD capability was already in the blkdevmapper deployment (as we also had to add MKNOD to the allowedCapabilities section of the SCC) in order to get the pod created. Just now trying to figure out whether it really should run as privileged or not. The other init containers all have privileged: true in their security sections.
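The SCC step mentioned in the comment above can be checked before deploying. This is an added example, not code from the thread or from Rook: a simplified model of how an OpenShift SCC's `allowPrivilegedContainer`, `allowedCapabilities`, `defaultAddCapabilities` and `requiredDropCapabilities` fields gate a container's `securityContext`. The pod spec, both SCC dicts and every container name other than blkdevmapper are constructed for illustration.

```python
# Constructed sample data: the SCC dicts and the container names other than
# blkdevmapper are hypothetical, not taken from the issue.
POD_SPEC = {
    "initContainers": [
        {"name": "blkdevmapper",
         "securityContext": {"capabilities": {"add": ["MKNOD"]}}},
        {"name": "other-init", "securityContext": {"privileged": True}},
    ],
    "containers": [{"name": "main-container", "securityContext": {}}],
}
SCC_WITHOUT_MKNOD = {"allowPrivilegedContainer": True, "allowedCapabilities": []}
SCC_WITH_MKNOD = {"allowPrivilegedContainer": True, "allowedCapabilities": ["MKNOD"]}


def audit_container(container, scc):
    """Return findings for one container's securityContext under one SCC."""
    sc = container.get("securityContext") or {}
    findings = []
    if sc.get("privileged"):
        # privileged grants every capability plus host device access,
        # so it is always reported, even when the SCC permits it
        findings.append("privileged")
        if not scc.get("allowPrivilegedContainer", False):
            findings.append("rejected: privileged not allowed by SCC")
    allowed = set(scc.get("allowedCapabilities") or [])
    allowed |= set(scc.get("defaultAddCapabilities") or [])
    dropped = set(scc.get("requiredDropCapabilities") or [])
    for cap in (sc.get("capabilities") or {}).get("add") or []:
        if cap in dropped:
            findings.append(f"rejected: {cap} is in requiredDropCapabilities")
        elif "*" not in allowed and cap not in allowed:
            findings.append(f"rejected: {cap} not in allowedCapabilities")
    return findings


def audit_pod(pod_spec, scc):
    """Map each init and regular container name to its list of findings."""
    everything = (pod_spec.get("initContainers") or []) + (pod_spec.get("containers") or [])
    return {c["name"]: audit_container(c, scc) for c in everything}


if __name__ == "__main__":
    for label, scc in (("without MKNOD", SCC_WITHOUT_MKNOD),
                       ("with MKNOD", SCC_WITH_MKNOD)):
        print(label, audit_pod(POD_SPEC, scc))
```

An empty findings list only means the pod would pass this admission model with least privilege; it says nothing about whether the capability is sufficient at runtime, which is the open question in this issue.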
Since you're on OpenShift I assume you are running with However, I do not have an OpenShift cluster in my back pocket to try this on and my Linux knowledge does not go much further than those base capabilities. I do know OpenShift/Red Hat tends to do a lot of SELinux level stuff, maybe that becomes relevant and also requires certain capabilities? Sadly that is completely out of my area of expertise/knowledge so I can't really help there :( In the meantime, if we do not know what is involved for this case and it's apparently breaking OpenShift deployments, maybe we need to update the function I added to listen to that flag
Is this a bug report or feature request?
Bug Report
Deviation from expected behavior:
OSD Deployments are getting stuck in pod initialisation phase, init container blkdevmapper logging permission denied creating special file.
Adding privileged:true to blkdevmapper container security context resolves.
Expected behavior:
Shouldn't have to edit the deployment yaml
How to reproduce it (minimal and precise):
rook-ceph-operator version v1.7.7-16.g20b74f0