Permission denied when mounting in a Kubernetes pod as root user

8/16/2020

When I use this command in a Kubernetes v1.18 Jenkins master pod to mount an NFS file system:

root@jenkins-67fff76bb6-q77xf:/# mount -t nfs -o v4 192.168.31.2:/infrastructure/jenkins-share-workspaces /opt/jenkins
mount: permission denied
root@jenkins-67fff76bb6-q77xf:/# 

Why does it show permission denied although I am using the root user? When I use this command on another machine (not in Docker), it works fine, which shows the server side works fine. This is my Kubernetes Jenkins master pod security context config in YAML:

securityContext:
        runAsUser: 0
        fsGroup: 0

Today I tried another Kubernetes pod and mounted the NFS file system, and it threw the same error. It seems mounting NFS from the host works fine, and mounting from a Kubernetes pod has a permission problem. Why would this happen? NFS works fine through a PVC bound to a PV in this Kubernetes pod, so why does mounting it from Docker fail? I am confused.

-- Dolphin
kubernetes

2 Answers

8/17/2020

There are two ways to mount an NFS volume to a pod:

First (directly in pod spec):

kind: Pod
apiVersion: v1
metadata:
  name: pod-using-nfs
spec:
  volumes:
    - name: nfs-volume
      nfs: 
        server: 192.168.31.2
        path: /infrastructure/jenkins-share-workspaces
  containers:
    - name: app
      image: example
      volumeMounts:
        - name: nfs-volume
          mountPath: /var/nfs

Second (creating a persistent NFS volume and volume claim):

apiVersion: v1
kind: PersistentVolume
metadata:
  name: nfs
spec:
  capacity:
    storage: 1Mi
  accessModes:
    - ReadWriteMany
  nfs:
    server: 192.168.31.2
    path: "/infrastructure/jenkins-share-workspaces"

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nfs
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: ""
  resources:
    requests:
      storage: 1Mi
  volumeName: nfs

---
kind: Pod
apiVersion: v1
metadata:
  name: pod-using-nfs
spec:
  containers:
    - name: app
      image: example
      volumeMounts:
        - name: nfs
          mountPath: /opt/jenkins
  volumes:
    - name: nfs
      persistentVolumeClaim:
        claimName: nfs

EDIT:

The solution above is the preferred one, but if you really need to use mount in the container, you need to add capabilities to the pod:

spec:
  containers:
  - securityContext:
      capabilities:
        add: ["SYS_ADMIN"]
-- Matt
Source: StackOverflow

8/16/2020

Try using

securityContext:
  privileged: true

This is needed if you are using dind for Jenkins.

-- Dashrath Mundkar
Source: StackOverflow
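
Both answers come down to Linux capabilities: mount(2) requires CAP_SYS_ADMIN, which the usual container runtime default set omits even for UID 0. The script below is an added example, not part of either answer; it decodes a CapEff mask to show what each setting grants. The function names and the three sample masks are constructed for illustration.

```shell
#!/bin/sh
# Added example: decode a CapEff mask and test for CAP_SYS_ADMIN,
# the capability mount(2) requires.

CAP_SYS_ADMIN=21   # capability number from linux/capability.h

# cap_eff: print the CapEff hex mask from /proc/<pid>/status text on stdin.
cap_eff() {
    awk '$1 == "CapEff:" { print $2 }'
}

# has_cap MASK_HEX BIT: succeed if capability BIT is set in the mask.
has_cap() {
    [ -n "$1" ] && [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# count_caps MASK_HEX: number of capabilities the mask grants.
count_caps() {
    _m=$(( 0x$1 )); _n=0
    while [ "$_m" -gt 0 ]; do
        _n=$(( _n + (_m & 1) )); _m=$(( _m >> 1 ))
    done
    echo "$_n"
}

# mount_verdict MASK_HEX: can a process with this mask call mount(2)?
mount_verdict() {
    if has_cap "$1" "$CAP_SYS_ADMIN"; then echo allowed; else echo denied; fi
}

# Constructed sample masks (not captured from the asker's cluster):
DEFAULT_MASK=00000000a80425fb      # typical runtime default set, root user
SYS_ADMIN_MASK=00000000a82425fb    # default set plus add: ["SYS_ADMIN"]
PRIVILEGED_MASK=0000003fffffffff   # privileged: true on a kernel with 38 caps

for mask in "$DEFAULT_MASK" "$SYS_ADMIN_MASK" "$PRIVILEGED_MASK"; do
    echo "$mask caps=$(count_caps "$mask") mount=$(mount_verdict "$mask")"
done

# Inside a real container, check the current shell:
if [ -r /proc/self/status ]; then
    echo "this process: mount=$(mount_verdict "$(cap_eff < /proc/self/status)")"
fi
```

Run inside the pod, the last line reports whether the current shell holds CAP_SYS_ADMIN; the capability counts show how much broader `privileged: true` is than adding the single capability.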