Bug
Resolution: Done-Errata
4.18
Quality / Stability / Reliability
Done
Release Note Not Required
Description of problem:
Even if the user explicitly requires the same fsGroup as runAsUser and runAsGroup for a Pod:
spec:
  securityContext:
    runAsNonRoot: true
    runAsUser: 1002
    runAsGroup: 1002
    fsGroup: 1002
he/she will fail to write to the volume:
bash-5.2$ touch /mnt/claim/FILE
touch: cannot touch '/mnt/claim/FILE': Permission denied
if the StorageClass does not set uid/gid, dir_mode or noperm:
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: samba
provisioner: smb.csi.k8s.io
parameters:
  source: //samba-server.samba-server.svc.cluster.local/share
  csi.storage.k8s.io/provisioner-secret-name: smbcreds
  csi.storage.k8s.io/provisioner-secret-namespace: samba-server
  csi.storage.k8s.io/node-stage-secret-name: smbcreds
  csi.storage.k8s.io/node-stage-secret-namespace: samba-server
reclaimPolicy: Delete
volumeBindingMode: Immediate
mountOptions:
  - file_mode=0777
  - mfsymlinks
  - cache=strict
  - noserverino
Version-Release number of selected component (if applicable):
How reproducible:
100%
Steps to Reproduce:
See reproducer in upstream issue: https://github.com/kubernetes-csi/csi-driver-smb/issues/835
Actual results:
An attempt to write inside the volume fails.
Expected results:
User can write data to the volume.
Additional info:
Links to: RHEA-2024:6122 (OpenShift Container Platform 4.18.z bug fix update)
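
Why `file_mode=0777` alone does not make the volume writable, as an added example (not code from this report or from csi-driver-smb): a simplified Python model of the CIFS client-side permission check for creating a file in the volume root. It assumes the mount.cifs defaults of uid=0, gid=0 and dir_mode=0755, numeric uid/gid options, and no server-side ACL restrictions; the `SCOPED` option list is constructed.

```python
# Added example: simplified model of the CIFS client-side permission check.
# Assumptions: mount.cifs defaults uid=0, gid=0, dir_mode=0755; numeric uid/gid;
# server-side ACLs and CIFS Unix extensions are not modelled.

def parse_mount_options(options):
    """Turn ['file_mode=0777', 'noperm'] into {'file_mode': '0777', 'noperm': True}."""
    parsed = {}
    for opt in options:
        key, sep, value = opt.partition("=")
        parsed[key.strip()] = value.strip() if sep else True
    return parsed

def can_create_files(mount_options, security_context):
    """Return (allowed, reason) for creating a file in the volume root."""
    opts = parse_mount_options(mount_options)
    if opts.get("noperm"):
        return True, "noperm: client skips permission checks"
    owner_uid = int(opts.get("uid", 0))
    owner_gid = int(opts.get("gid", 0))
    dir_mode = int(opts.get("dir_mode", "0755"), 8)
    uid = security_context["runAsUser"]
    # fsGroup is added to the container process as a supplementary group.
    groups = {security_context.get("runAsGroup"), security_context.get("fsGroup")}
    groups.discard(None)
    if uid == owner_uid:
        bits, who = (dir_mode >> 6) & 7, "owner"
    elif owner_gid in groups:
        bits, who = (dir_mode >> 3) & 7, "group"
    else:
        bits, who = dir_mode & 7, "other"
    # Creating a file needs write (2) and search (1) on the directory;
    # file_mode only governs existing files, so it does not help here.
    allowed = (bits & 0b011) == 0b011
    return allowed, f"{who} bits {bits:03b} of dir_mode {dir_mode:04o}"

# Pod securityContext and mountOptions as given in the report.
POD = {"runAsNonRoot": True, "runAsUser": 1002, "runAsGroup": 1002, "fsGroup": 1002}
REPORTED = ["file_mode=0777", "mfsymlinks", "cache=strict", "noserverino"]
# Constructed alternative: scope ownership to the pod's IDs, keep others out.
SCOPED = REPORTED + ["uid=1002", "gid=1002", "dir_mode=0770"]

if __name__ == "__main__":
    for name, options in (("reported", REPORTED), ("scoped", SCOPED)):
        print(name, can_create_files(options, POD))
```

Matching uid/gid with a restrictive dir_mode passes the check only for the pod's own identity, whereas dir_mode=0777 or noperm lets any UID pass the client-side check.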