I'm having an issue where I'm unable to read files with 0660 permission, which indicates that the group membership doesn't work as intended.

Listing and reading files with 0664 works fine.

On the NFS host the files are owned by "www-data:www-data"; on the Kubernetes pod they are owned by the same user and group.

I'm out of ideas.

Kubernetes pod

    $ id
    uid=1000(node) gid=1000(node) groups=33(www-data),1000(node)
    $ ls -l
    -rw-rw---- 1 www-data www-data 226598 Jan 8 20:54 file.jpg
    $ mount
    nfs-server-hostname:/mnt/files on /var/files type nfs4 (ro,relatime,vers=4.0,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=10.166.0.32,local_lock=none,addr=10.166.0.5)

NFS host

    $ ls -l
    -rw-rw---- 1 www-data www-data 226598 Jan 8 21:54 file.jpg

This is my setup.

Cluster details

Autopilot cluster running on GKE

Deployment details

I have a deployment with the following directives:

Spec

    volumeMounts:
      - name: nfs-files
        mountPath: /var/files

Volumes

    volumes:
      - name: nfs-files
        nfs:
          server: nfs-server-hostname
          path: /mnt/files
          readOnly: true

NFS Host exports

/mnt/files *.hostname(rw,sync,no_subtree_check) 

1 Answer


This has something to do with the interaction between Kubernetes and NFS, particularly when using the fsGroup securityContext. There are difficulties with reading from NFS-mounted volumes and it seems that the fsGroup securityContext does not apply to NFS mounts.

If you set the proper securityContext for the pod configuration, you can make sure the volume is mounted with proper permissions. See this document on how to configure a Security Context for a pod or container.
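
A diagnostic for the symptom in the question, added here as an example and not part of the original question or answer: it checks whether the mode bits plus the process's groups predict a readable file and compares that with a real read. With `sec=sys` the NFS server makes the final access decision, so a mismatch on a 0660 file points at the group list the server applies rather than at the pod's local identity. The function names and verdict strings are illustrative, and the sample values are constructed from the question's output.

```python
import os
import stat
import sys

def mode_allows_read(mode, f_uid, f_gid, uid, gid, groups):
    """POSIX class selection: owner, then group, then other; first match wins."""
    if uid == 0:
        return True
    if f_uid == uid:
        return bool(mode & stat.S_IRUSR)
    if f_gid == gid or f_gid in groups:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)

def verdict(mode, f_uid, f_gid, uid, gid, groups, read_ok):
    """Compare what the mode bits predict with what a real read returned."""
    with_groups = mode_allows_read(mode, f_uid, f_gid, uid, gid, groups)
    primary_only = mode_allows_read(mode, f_uid, f_gid, uid, gid, [])
    if read_ok == with_groups:
        return "consistent"
    if with_groups and not primary_only:
        # Only a supplementary group grants access, and the read was refused:
        # whoever made the decision did not count that group.
        return "supplementary-group-not-honoured"
    return "other-mismatch"

def diagnose(path):
    """Stat the file, attempt a one-byte read, and classify the outcome."""
    st = os.stat(path)
    try:
        with open(path, "rb") as fh:
            fh.read(1)
        read_ok = True
    except PermissionError:
        read_ok = False
    return verdict(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid,
                   os.geteuid(), os.getegid(), os.getgroups(), read_ok)

if __name__ == "__main__":
    # Constructed values mirroring the question: file 33:33, process 1000:1000 plus group 33.
    print(verdict(0o660, 33, 33, 1000, 1000, [33, 1000], read_ok=False))
    print(verdict(0o664, 33, 33, 1000, 1000, [33, 1000], read_ok=True))
    for p in sys.argv[1:]:
        print(p, diagnose(p))
```

Run inside the pod with paths under /var/files as arguments; the 0664 file reads as "consistent" because the other-read bit grants access without any group membership.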
