I've been hitting errors when trying to set up a dev platform in Kubernetes & minikube. The config is creating a service, persistentVolume, persistentVolumeClaim & deployment.
The deployment is creating a single pod with a single container based on bitnami/mariadb:latest
I am mounting a local volume into the minikube vm via:
minikube mount <source-path>:/data
This local volume is mounting correctly and can be inspected when I ssh into the minikube vm via: minikube ssh
I now run:
kubectl create -f mariadb-deployment.yaml
to fire up the platform, the yaml config:
kind: Service
apiVersion: v1
metadata:
  name: mariadb-deployment
  labels:
    app: supertubes
spec:
  ports:
  - port: 3306
  selector:
    app: supertubes
    tier: mariadb
  type: LoadBalancer
---
kind: PersistentVolume
apiVersion: v1
metadata:
  name: local-db-pv
  labels:
    type: local
    tier: mariadb
    app: supertubes
spec:
  storageClassName: slow
  capacity:
    storage: 10Gi
  accessModes:
  - ReadWriteOnce
  hostPath:
    path: "/data/staging/sumatra/mariadb-data"
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: local-db-pv-claim
  labels:
    app: supertubes
spec:
  storageClassName: slow
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
  selector:
    matchLabels:
      type: local
      tier: mariadb
---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: mariadb-deployment
  labels:
    app: supertubes
spec:
  selector:
    matchLabels:
      app: supertubes
      tier: mariadb
  template:
    metadata:
      labels:
        app: supertubes
        tier: mariadb
    spec:
      securityContext:
        fsGroup: 1001
      containers:
      - image: bitnami/mariadb:latest
        name: mariadb
        env:
        - name: MARIADB_ROOT_PASSWORD
          value: <db-password>
        - name: MARIADB_DATABASE
          value: <db-name>
        ports:
        - containerPort: 3306
          name: mariadb
        volumeMounts:
        - name: mariadb-persistent-storage
          mountPath: /bitnami
      volumes:
      - name: mariadb-persistent-storage
        persistentVolumeClaim:
          claimName: local-db-pv-claim
The above config will then fail to boot the pod, and inspecting the pod's logs within minikube dashboard shows the following:
nami INFO Initializing mariadb
mariadb INFO ==> Cleaning data dir...
mariadb INFO ==> Configuring permissions...
mariadb INFO ==> Validating inputs...
mariadb INFO ==> Initializing database...
mariadb INFO ==> Creating 'root' user with unrestricted access...
mariadb INFO ==> Creating database pw_tbs...
mariadb INFO ==> Enabling remote connections...
Error executing 'postInstallation': EACCES: permission denied, mkdir '/bitnami/mariadb'
Looking at the above I believed the issue was to do with Bitnami using user: 1001 to launch their mariadb image:
https://github.com/bitnami/bitnami-docker-mariadb/issues/134
Since reading the above issue I've been playing with securityContext within the containers spec. At present you'll see I have it set to:
deployment.template.spec
securityContext:
  fsGroup: 1001
but this isn't working. I've also tried:
securityContext:
  privileged: true
but didn't get anywhere with that either.
One other check I made was to remove the volumeMount from deployment.template.spec.containers and see if things worked correctly without it, which they do :)
I then opened a shell into the pod to see what the permissions on /bitnami are:
Reading a bit more on the Bitnami issue posted above it says the user: 1001 is a member of the root group, therefore I'd expect them to have the necessary permissions... At this stage I'm a little lost as to what is wrong.
If anyone could help me understand how to correctly set up this minikube vm volume within a container that would be amazing!
Following @Anton Kostenko's suggestions I added a busybox container as an initContainer which ran a chmod on the bitnami directory:
...
spec:
  initContainers:
  - name: install
    image: busybox
    imagePullPolicy: Always
    command: ["chmod", "-R", "777", "/bitnami"]
    volumeMounts:
    - name: mariadb-persistent-storage
      mountPath: /bitnami
  containers:
  - image: bitnami/mariadb:latest
    name: mariadb
...
however even with setting global rwx permissions (777) the directory couldn't mount as the MariaDB container doesn't allow user 1001 to do so:
nami INFO Initializing mariadb
Error executing 'postInstallation': EPERM: operation not permitted, utime '/bitnami/mariadb/.restored'
Have now tried setting the user:group on my local machine (MacBook) so that when passed to the minikube vm they should already be correct:
Now mariadb-data has rwx permission for everyone and user: 1001, group: 1001
I then removed the initContainer as I wasn't really sure what that would be adding.
SSHing onto the minikube vm I can see the permissions and user:group have been carried across:
The user & group now being set as docker
Firing up this container results in the same sort of error:
nami INFO Initializing mariadb
Error executing 'postInstallation': EIO: i/o error, utime '/bitnami/mariadb/.restored'
I've tried removing the securityContext, and also adding it as runAsUser: 1001, fsGroup: 1001, however neither made any difference.
Looks like that is an issue in Minikube.
You can try to use an init container which will fix the permissions before the main container is started, like this:
...........
spec:
  initContainers:
  - name: "fix-non-root-permissions"
    image: "busybox"
    imagePullPolicy: "Always"
    command: [ "chmod", "-R", "g+rwX", "/bitnami" ]
    volumeMounts:
    - name: datadir
      mountPath: /bitnami
  containers:
.........
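The permission rules behind the EACCES and EPERM errors in this thread, as an added example that is not part of the original posts: a small Python model of the POSIX checks for mkdir and for utime with explicit timestamps, evaluated for UID 1001 in the root group. The Cred and Inode types, the sample owners and modes, and the assumption that the image sets explicit timestamps are constructed for illustration; ACLs, capabilities and any ownership remapping by the mount layer are ignored.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cred:
    uid: int
    gids: frozenset  # primary plus supplementary groups

@dataclass(frozen=True)
class Inode:
    uid: int
    gid: int
    mode: int  # permission bits, e.g. 0o755

def _class_bits(cred, inode):
    """Return the single rwx triplet that applies: owner, else group, else other."""
    if cred.uid == inode.uid:
        return (inode.mode >> 6) & 7
    if inode.gid in cred.gids:
        return (inode.mode >> 3) & 7
    return inode.mode & 7

def can_mkdir(cred, parent):
    """mkdir needs write and search (w + x) on the parent directory."""
    if cred.uid == 0:  # simplification: root bypasses the mode bits
        return "ok"
    return "ok" if _class_bits(cred, parent) & 3 == 3 else "EACCES"

def can_utime(cred, target, explicit_times=True):
    """Explicit timestamps need ownership; setting 'now' only needs write."""
    if cred.uid in (0, target.uid):
        return "ok"
    if explicit_times:  # assumption: the image passes explicit times
        return "EPERM"
    return "ok" if _class_bits(cred, target) & 2 else "EACCES"

# Constructed cases: UID 1001 in group 0, as the linked Bitnami issue describes.
BITNAMI = Cred(uid=1001, gids=frozenset({0}))
CASES = {
    "root:root 0755 (untouched hostPath dir)": Inode(0, 0, 0o755),
    "root:root 0775 (after chmod g+rwX)": Inode(0, 0, 0o775),
    "root:root 0777 (after chmod 777)": Inode(0, 0, 0o777),
    "1001:0 0770 (owned by the container user)": Inode(1001, 0, 0o770),
}

def report():
    """Map each case to its (mkdir, utime) outcome for the Bitnami user."""
    return {n: (can_mkdir(BITNAMI, i), can_utime(BITNAMI, i)) for n, i in CASES.items()}

if __name__ == "__main__":
    for name, (mk, ut) in report().items():
        print(f"{name:42} mkdir={mk:7} utime={ut}")
```

In this model, widening the mode bits to 777 changes nothing for the timestamp call compared with g+rwX: only ownership by the container's UID clears the EPERM, and it does so without making the data directory world-writable.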