-
Notifications
You must be signed in to change notification settings - Fork 70
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
'/var/lib/arangodb3-apps/_db': Permission denied #677
Comments
Hello! We had same issue on OpenShift. Can you try set this:
Doc: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ Best Regards, |
Unfortunately this does not work either. When looking into pod specs after it was spawned I recognized that Current settings
Pod output (
We also tried using the |
Hello! FSGroup is placed under pod because it is pod setting (PodSecurityContext) and not visible in container settings (SecurityContext). FSGroup should be set in best case with same ID as your User (and your Storage needs to support mounting with permission override). Otherwise, you can use initContainer to check permissions (for example ls -al /data) and current user (id) to ensure that all is set properly. If it is possible, you can use initContainer to adjust privileges if needed (if you can run initContainer as root, but application need to run as user) Best, |
Hi Adam, after further research we aren't really sure if the We tested the same configuration on our local environment (minikube) and the We have seen that the kube-arangodb/pkg/deployment/images.go Line 402 in d232d3d
The
As the Thanks, |
Hello! For ID pod - it is not using any volumes, it only start for version discovery. Did you solve this issue? If yes, can I close it? |
Hello, |
Hi Adam, |
Hi @pbirkle , Could you please share with us the helm chart? |
Fixed by feature |
Hello everyone,
I'm facing an issue while setting up an arangodb in cluster mode in kubernetes. In our kubernetes environment it is not permitted to run containers as root, therefore we added
securityContext
in ourArangoDeployment
file forid
,agents
,dbservers
andcoordinators
. With this configuration the pods can be deployed, but fail during startup. e.g.:At first we installed the two helm charts kube-arangodb (v1.1.2) and kube-arangodb-crd (v1.1.2) before applying the
ArangoDeployment
. As soon as thearangodb-cluster-id-XXXXX
pod is spawned, this pod directly switches to state 'Error' with following log output:Looks like the permissions are not set properly while setting up the database. I already found this issue, but unfortunately we are not permitted to change the capabilities to DAC_OVERRIDE either.
Patrick Birkle [email protected], Daimler TSS GmbH, Imprint
The text was updated successfully, but these errors were encountered: