local-path-provisioner icon indicating copy to clipboard operation
local-path-provisioner copied to clipboard

Published 20 hours ago verified publisher icon rancher

when create PVC, some of the pv are 755 permission

Open zhangj1236 opened this issue 2 years ago • 1 comments

In most cases, we can see the /opt/local-path-provisioner/xxx will have 777 permission, but some of them are 755, when this case happens, it will be no permission to write. I used the following yaml file to create local-path. My question are: 1)777 is expected, while 755 is not expected, right? 2)why in some cases, it will have 755 permission?

======================yaml file: cat deploy-readWriteMany.yaml apiVersion: v1 kind: Namespace metadata: name: local-path-storage

apiVersion: v1 kind: ServiceAccount metadata: name: local-path-provisioner-service-account namespace: local-path-storage

apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: local-path-provisioner-role rules:

  • apiGroups: [ "" ] resources: [ "nodes", "persistentvolumeclaims", "configmaps" ] verbs: [ "get", "list", "watch" ]
  • apiGroups: [ "" ] resources: [ "endpoints", "persistentvolumes", "pods" ] verbs: [ "*" ]
  • apiGroups: [ "" ] resources: [ "events" ] verbs: [ "create", "patch" ]
  • apiGroups: [ "storage.k8s.io" ] resources: [ "storageclasses" ] verbs: [ "get", "list", "watch" ]

apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: local-path-provisioner-bind roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: local-path-provisioner-role subjects:

  • kind: ServiceAccount name: local-path-provisioner-service-account namespace: local-path-storage

apiVersion: apps/v1 kind: Deployment metadata: name: local-path-provisioner namespace: local-path-storage spec: replicas: 1 selector: matchLabels: app: local-path-provisioner template: metadata: labels: app: local-path-provisioner spec: serviceAccountName: local-path-provisioner-service-account containers: - name: local-path-provisioner image: a.b.c.d:5000/rancher/local-path-provisioner:v0.0.23 imagePullPolicy: IfNotPresent command: - local-path-provisioner - --debug - start - --config - /etc/config/config.json volumeMounts: - name: config-volume mountPath: /etc/config/ env: - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace volumes: - name: config-volume configMap: name: local-path-config

apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: local-path provisioner: rancher.io/local-path volumeBindingMode: WaitForFirstConsumer reclaimPolicy: Delete

kind: ConfigMap apiVersion: v1 metadata: name: local-path-config namespace: local-path-storage data: config.json: |- { "sharedFileSystemPath": "/opt/local-path-provisioner" } setup: |- #!/bin/sh set -eu mkdir -m 0777 -p "$VOL_DIR" teardown: |- #!/bin/sh set -eu rm -rf "$VOL_DIR" helperPod.yaml: |- apiVersion: v1 kind: Pod metadata: name: helper-pod spec: containers: - name: helper-pod image: a.b.c.d:5000/busybox:latest imagePullPolicy: IfNotPresent

zhangj1236 avatar Aug 29 '23 08:08 zhangj1236