Read-only error when mounting a PVC in IBM Cloud Kubernetes

3/1/2018

I'm trying to deploy Nexus3 as a Kubernetes pod in IBM Cloud service. I am getting this error, probably because the PVC is mounted as read only for that user. I have had this problem other times in Postgres for example but I can't recall how to solve it:

mkdir: cannot create directory '../sonatype-work/nexus3/log': Permission denied
mkdir: cannot create directory '../sonatype-work/nexus3/tmp': Permission denied
Java HotSpot(TM) 64-Bit Server VM warning: Cannot open file ../sonatype-work/nexus3/log/jvm.log due to No such file or directory

Warning:  Cannot open log file: ../sonatype-work/nexus3/log/jvm.log
Warning:  Forcing option -XX:LogFile=/tmp/jvm.log
Unable to update instance pid: Unable to create directory /nexus-data/instances
/nexus-data/log/karaf.log (No such file or directory)
Unable to update instance pid: Unable to create directory /nexus-data/instances

These are the PVC and Pod YAML:

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nexus-pvc
  annotations:
    volume.beta.kubernetes.io/storage-class: "ibmc-file-retain-bronze"
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 20Gi

apiVersion: v1
kind: Pod
metadata:
  name: nexus
  labels:
    name: nexus
spec:
  containers:
    - name: nexus
      image: sonatype/nexus3
      ports:
        - containerPort: 8081
      volumeMounts:
        - name: nexus-data
          mountPath: /nexus-data
        - name: tz-config
          mountPath: /etc/localtime
  volumes:
  - name: nexus-data
    persistentVolumeClaim:
      claimName: nexus-pvc
  - name: tz-config
    hostPath:
      path: /usr/share/zoneinfo/Europe/Madrid
-- icordoba
ibm-cloud
ibm-cloud-kubernetes
iks
kubernetes
nexus3

1 Answer

3/1/2018

The nexus3 Dockerfile is structured such that it runs as a non-root user. However, the NFS file storage requires root user to access and write to it. There are a couple of ways to fix this. One, you can restructure your Dockerfile to temporarily add the non-root user to root and change the volume mount permissions. Here are instructions for that: https://console.bluemix.net/docs/containers/cs_storage.html#nonroot

Another option is to run an initContainer (https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) that changes the mount path ownership before the main container runs. The initContainer would look something like this:

initContainers:
  - name: permissionsfix
    image: ubuntu:latest
    command: ["/bin/sh", "-c"]
    args:
      - >
        chown 1000:1000 /mount;
    volumeMounts:
      - name: volume
        mountPath: /mount
-- bhpratt
Source: StackOverflow
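
The initContainer approach from the answer, merged into the Pod from the question so that root is used only for the ownership change. This is an added example, not part of the original posts; it assumes the nexus user in the sonatype/nexus3 image is UID/GID 200 (confirm with `id` inside the image), and the securityContext settings are additions.

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: nexus
  labels:
    name: nexus
spec:
  initContainers:
    # Runs once as root before the nexus container starts and only
    # changes ownership of the NFS-backed mount.
    - name: permissionsfix
      image: ubuntu:latest          # image from the answer; pin a tag or digest in practice
      command: ["/bin/sh", "-c"]
      args:
        # Assumption: the image's nexus user is UID/GID 200.
        # Adjust if `id` inside the image reports something else.
        - chown 200:200 /mount
      securityContext:
        runAsUser: 0                # root is needed only for the chown
      volumeMounts:
        - name: nexus-data          # must match the volume name below
          mountPath: /mount
  containers:
    - name: nexus
      image: sonatype/nexus3
      ports:
        - containerPort: 8081
      securityContext:
        runAsUser: 200              # assumption, same UID as the chown above
        runAsNonRoot: true          # kubelet refuses to start the container as UID 0
        allowPrivilegeEscalation: false
      volumeMounts:
        - name: nexus-data
          mountPath: /nexus-data
        - name: tz-config
          mountPath: /etc/localtime
  volumes:
    - name: nexus-data
      persistentVolumeClaim:
        claimName: nexus-pvc
    - name: tz-config
      hostPath:
        path: /usr/share/zoneinfo/Europe/Madrid
```

The numeric `runAsUser` is set explicitly because `runAsNonRoot: true` cannot be verified when an image declares its user by name only.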