Invalid write permissions for registry volume
Hi,
today I upgraded from v0.7.0 to v0.8.0 and observed that the image upload to the internal registry didn't work.
I investigated the problem and found several `filesystem: mkdir /var/lib/registry/docker: permission denied` exceptions inside the registry pod logs.
I'm using a k3s cluster on Hetzner Cloud and observed the same exceptions with the hcloud-volumes and longhorn storage classes. Both are mounted as ext4 volumes inside the pod. Using the standard storage class on minikube with the k8s.io/minikube-hostpath provisioner works properly.
Execing into the registry pod and creating the directory manually wasn't possible, because the user acorn has no permissions to create it.
As a workaround I patched the registry deployment with the proper securityContext. I'm not sure if this has any side effects I'm not aware of, but if not, maybe you can incorporate this.
```bash
### reset the registry
kubectl -n acorn-image-system get persistentvolumeclaims
kubectl -n acorn-image-system delete deployments.apps registry

### create the patch (">" overwrites, so re-running does not append a second copy)
cat << EOF > /tmp/registry-deployment-patch.yaml
spec:
  template:
    spec:
      securityContext:
        runAsUser: 1000
        runAsGroup: 1000
        fsGroup: 1000
EOF

### apply the patch
kubectl -n acorn-image-system patch deployment registry --patch-file /tmp/registry-deployment-patch.yaml

### delete the running registry pod to restart the registry
kubectl -n acorn-image-system delete pod $(kubectl -n acorn-image-system get pods -l app=registry -o jsonpath='{.items[].metadata.name}')
```
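
An added example, not part of the original post or of acorn's code: a check over Deployment JSON that flags the condition described above, a non-root container with a writable PersistentVolumeClaim mount and no pod-level `fsGroup`. The sample manifest is constructed; the volume, claim and image names are placeholders, and the check assumes the volume type honours `fsGroup`.

```python
import copy

def pvc_write_risks(deployment):
    """List (container, mountPath, uid) for writable PVC mounts that have no
    pod-level fsGroup and are not used by root. uid None = user set by image."""
    pod = deployment["spec"]["template"]["spec"]
    pod_sc = pod.get("securityContext") or {}
    if pod_sc.get("fsGroup") is not None:
        # Assumption: the volume type honours fsGroup, so the mounted volume
        # becomes group-writable for the pod's processes.
        return []
    pvc_volumes = {v["name"] for v in pod.get("volumes", [])
                   if "persistentVolumeClaim" in v}
    findings = []
    for c in pod.get("containers", []):
        c_sc = c.get("securityContext") or {}
        # Container-level runAsUser overrides the pod-level value.
        uid = c_sc.get("runAsUser", pod_sc.get("runAsUser"))
        if uid == 0:
            continue  # root can write to a root-owned volume
        for m in c.get("volumeMounts", []):
            if m["name"] in pvc_volumes and not m.get("readOnly", False):
                findings.append((c["name"], m["mountPath"], uid))
    return findings

# Constructed sample, shaped like `kubectl get deployment registry -o json`.
# Volume, claim and image names are placeholders, not taken from acorn.
UNPATCHED = {"spec": {"template": {"spec": {
    "containers": [{
        "name": "registry",
        "image": "example.invalid/registry:placeholder",
        "volumeMounts": [{"name": "data", "mountPath": "/var/lib/registry"}],
    }],
    "volumes": [{"name": "data",
                 "persistentVolumeClaim": {"claimName": "registry-data"}}],
}}}}

# The same Deployment with the securityContext from the workaround applied.
PATCHED = copy.deepcopy(UNPATCHED)
PATCHED["spec"]["template"]["spec"]["securityContext"] = {
    "runAsUser": 1000, "runAsGroup": 1000, "fsGroup": 1000}

if __name__ == "__main__":
    for label, dep in (("unpatched", UNPATCHED), ("patched", PATCHED)):
        print(label, pvc_write_risks(dep))
```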