
PV permissions not set when using fsGroup with ReadWriteOncePod #3102

Open
vrevelas opened this issue Nov 8, 2024 · 0 comments
vrevelas commented Nov 8, 2024

Is this a BUG REPORT or FEATURE REQUEST?:
/kind bug

What happened: I created a StatefulSet with the pod's securityContext specifying fsGroup: 1000 and volumeClaimTemplates[0].spec.accessModes: ["ReadWriteOncePod"].

What you expected to happen:
The PV's filesystem should have been writeable by UID 1000. Instead it was owned by root. Switching the accessMode to ReadWriteOnce fixed the issue.

How to reproduce it (as minimally and precisely as possible):
kubectl apply -f these resources https://gist.github.com/vrevelas/50bf5ba8c9aeecd60183ba31b90370f7
kubectl exec -ti fsgroup-issue-repro-0 -- sh
touch /test/hello

The result will be "permission denied". Delete the resources with kubectl delete, and also delete the PVC and PV. Then change ReadWriteOncePod to ReadWriteOnce and repeat the steps above. The touch command will succeed.

Anything else we need to know?:

Environment:

  • csi-vsphere version: 103.1.0+up3.1.2-rancher1
  • vsphere-cloud-controller-manager version: v3.1.2
  • Kubernetes version: v1.29.8
  • vSphere version: 7.0.3.01900
  • OS (e.g. from /etc/os-release): Ubuntu 20.04
  • Kernel (e.g. uname -a): 5.4.0-193-generic
  • Install tools:
  • Others:
@k8s-ci-robot k8s-ci-robot added the kind/bug Categorizes issue or PR as related to a bug. label Nov 8, 2024
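
An added example, not part of the original report or the project's code: a Python check that flags StatefulSets combining a pod-level fsGroup with a ReadWriteOncePod claim template, the combination reported above, and lists the mount paths whose ownership should be verified. The sample manifests, the `rwo-control` workload and the `data` claim name are constructed; only `fsgroup-issue-repro`, fsGroup 1000 and `/test` come from the report.

```python
import json
import sys

RWOP = "ReadWriteOncePod"

def find_fsgroup_rwop(manifests):
    """Flag StatefulSets that set pod-level fsGroup and have a ReadWriteOncePod claim template."""
    findings = []
    for m in manifests:
        if m.get("kind") != "StatefulSet":
            continue
        spec = m.get("spec") or {}
        pod = (spec.get("template") or {}).get("spec") or {}
        fs_group = (pod.get("securityContext") or {}).get("fsGroup")
        if fs_group is None:
            continue  # no fsGroup requested, so there is no expected group ownership
        for vct in spec.get("volumeClaimTemplates") or []:
            if RWOP not in ((vct.get("spec") or {}).get("accessModes") or []):
                continue
            claim = (vct.get("metadata") or {}).get("name")
            # Mount paths of this claim are where ownership must be checked in the pod.
            paths = sorted(vm["mountPath"] for c in pod.get("containers") or []
                           for vm in c.get("volumeMounts") or [] if vm.get("name") == claim)
            findings.append({"workload": (m.get("metadata") or {}).get("name"),
                             "claim": claim, "fsGroup": fs_group, "mountPaths": paths})
    return findings

def sample_statefulset(name, access_mode):
    """Constructed manifest shaped like the one the report describes (not the gist itself)."""
    return {
        "kind": "StatefulSet",
        "metadata": {"name": name},
        "spec": {
            "template": {"spec": {
                "securityContext": {"fsGroup": 1000},
                "containers": [{"name": "app",
                                "volumeMounts": [{"name": "data", "mountPath": "/test"}]}],
            }},
            "volumeClaimTemplates": [{"metadata": {"name": "data"},
                                      "spec": {"accessModes": [access_mode]}}],
        },
    }

if __name__ == "__main__":
    # Without piped input, run on the constructed samples; otherwise read a kubectl JSON list.
    items = ([sample_statefulset("fsgroup-issue-repro", RWOP),
              sample_statefulset("rwo-control", "ReadWriteOnce")]
             if sys.stdin.isatty() else json.load(sys.stdin).get("items", []))
    print(json.dumps(find_fsgroup_rwop(items), indent=2))
```

Piping the output of `kubectl get statefulsets -A -o json` into the script audits a live cluster; each reported mount path can then be checked for group ownership inside the running pod.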