I have an Azure Container Service (AKS) cluster. It is migrated to version 1.8.1. I am trying to deploy a Postgres database and use AzureFileVolume to persist the Postgres data on.
By default, if I deploy the Postgres database without mounting a volume, everything is working as expected, i.e. the pod is created and the database is initialized.
When I try to mount a volume using the YAML below, I get initdb: could not access directory "/var/lib/postgresql/data": Permission denied.
I tried various hacks as suggested in this long GitHub thread, like setting the security context for the pod or running chown commands in initContainers. The result was the same: permission denied.
Any ideas would be appreciated.
```yaml
apiVersion: v1
kind: Service
metadata:
  labels:
    app: myapp
    component: test-db
  name: test-db
spec:
  ports:
    - port: 5432
  selector:
    app: myapp
    component: test-db
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: test-db
spec:
  template:
    metadata:
      labels:
        app: myapp
        component: test-db
    spec:
      securityContext:
        fsGroup: 999
        runAsUser: 999
      containers:
        - name: test-db
          image: postgres:latest
          securityContext:
            allowPrivilegeEscalation: false
          ports:
            - containerPort: 5432
          env:
            - name: POSTGRES_DB
              value: myappdb
            - name: POSTGRES_USER
              value: myappdbuser
            - name: POSTGRES_PASSWORD
              value: qwerty1234
          volumeMounts:
            - name: azure
              mountPath: /var/lib/postgresql/data
      volumes:
        - name: azure
          azureFile:
            secretName: azure-secret
            shareName: acishare
            readOnly: false
```
This won't work; you need to use Azure disks. The reason: Postgres uses hard links, which are not supported by Azure Files. https://github.com/docker-library/postgres/issues/548
We came across the same problems and figured out the following solution:
Instead of using an AzureFileVolume, we used an AzureDisk. So what we needed in Kubernetes is the following...
Storage Class
With your Azure account name
Persistent Volume Claim
PostgreSQL Deployment
Include PVC in the Kubernetes Deployment
```yaml
- name: postgres-db
  persistentVolumeClaim:
    claimName: pvc-postgresdb
```
Additionally, we need to point the PGDATA var to a subdirectory of the mounted directory, because Azure is creating some issues with the AzureDisk type in the base directory.
```yaml
env:
  # ... env definitions ...
  - name: PGDATA
    value: /var/lib/postgresql/data/pgdata
volumeMounts:
  - mountPath: /var/lib/postgresql/data/
    name: postgres-db
```
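A preflight check for the two failure modes discussed on this page (the permission error in the question and the hard-link limitation named in the first answer), as an added example that is not part of the question or either answer. It probes a mounted directory for the ownership, chmod and hard-link behaviour a PostgreSQL data directory depends on; the function name `probe_pgdata_volume` and its output format are made up for illustration, and it assumes a POSIX shell with `mktemp`.

```shell
#!/bin/sh
# Added example: probe a mount for what a PostgreSQL data directory needs.
# Run as the same uid the database will use, e.g. from an initContainer:
#   probe_pgdata_volume /var/lib/postgresql/data
# Returns 0 if every check passes, 1 if any check fails, 2 on a bad argument.
probe_pgdata_volume() {
    dir=$1
    failed=0
    [ -d "$dir" ] || { echo "FAIL not a directory: $dir"; return 2; }

    # Work in a scratch subdirectory so existing data is never touched.
    scratch=$(mktemp -d "$dir/.pgprobe.XXXXXX" 2>/dev/null) || {
        echo "FAIL cannot create a directory as uid $(id -u)"; return 1; }

    # 1. Ownership: PostgreSQL refuses a data directory it does not own.
    #    Mounts that force a fixed owner show up here.
    if [ -n "$(find "$scratch" -prune -user "$(id -u)")" ]; then
        echo "ok   new directories are owned by uid $(id -u)"
    else
        echo "FAIL new directories are not owned by uid $(id -u)"; failed=1
    fi

    # 2. Mode: PostgreSQL checks the data directory's mode at startup,
    #    so chmod has to take effect rather than being silently ignored.
    chmod 700 "$scratch" 2>/dev/null || :
    if [ -n "$(find "$scratch" -prune -perm 700)" ]; then
        echo "ok   chmod 700 is honoured"
    else
        echo "FAIL chmod 700 is not honoured"; failed=1
    fi

    # 3. Hard links: the limitation named in the first answer.
    if touch "$scratch/src" 2>/dev/null &&
       ln "$scratch/src" "$scratch/dst" 2>/dev/null; then
        echo "ok   hard links are supported"
    else
        echo "FAIL hard link could not be created"; failed=1
    fi

    rm -rf "$scratch"
    return "$failed"
}
```

A non-zero return before the database container starts points at the volume type rather than at the pod's securityContext.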