Cannot create ReadWrite filesystem in Kubernetes (ReadOnly mount)

12/30/2021

Summary

I am currently in the process of learning Kubernetes; as such, I have decided to start with an application that is simple (Mumble).

Setup

My setup is simple: I have one node (the master) where I have removed the taint so Mumble can be deployed on it. This single node is running CentOS Stream but SELinux is disabled.

The issue

The /srv/mumble directory appears to be ReadOnly, and at this point I have tried creating an init container to chown the directory but that fails due to the issue above. This issue appears in both containers, and I am unsure at this point how to change this to allow the mumble application to create files in said directory. The mumble application user runs as user 1000. What am I missing here?

Configs

---
apiVersion: v1
kind: Namespace
metadata:
  name: mumble
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: mumble-pv-volume
  labels:
    type: local
spec:
  storageClassName: manual
  capacity:
    storage: 10Gi
  accessModes:
    - ReadWriteMany
  hostPath:
    type: DirectoryOrCreate
    path: "/var/lib/data"
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: mumble-pv-claim
  namespace: mumble
spec:
  storageClassName: manual
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: mumble-config
  namespace: mumble
data:
  murmur.ini: |
    **cut for brevity**
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mumble-deployment
  namespace: mumble
  labels:
    app: mumble
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mumble
  template:
    metadata:
      labels:
        app: mumble
    spec:
      initContainers:
        - name: storage-setup
          image: busybox:latest
          command: ["sh", "-c", "chown -R 1000:1000 /srv/mumble"]
          securityContext:
            privileged: true
            runAsUser: 0
          volumeMounts:
            - mountPath: "/srv/mumble"
              name: mumble-pv-storage
              readOnly: false
            - name: mumble-config
              subPath: murmur.ini
              mountPath: "/srv/mumble/config.ini"
              readOnly: false
      containers:
        - name: mumble
          image: phlak/mumble
          ports:
            - containerPort: 64738
          env:
            - name: TZ
              value: "America/Denver"
          volumeMounts:
            - mountPath: "/srv/mumble"
              name: mumble-pv-storage
              readOnly: false
            - name: mumble-config
              subPath: murmur.ini
              mountPath: "/srv/mumble/config.ini"
              readOnly: false
      volumes:
        - name: mumble-pv-storage
          persistentVolumeClaim:
            claimName: mumble-pv-claim
        - name: mumble-config
          configMap:
            name: mumble-config
            items:
              - key: murmur.ini
                path: murmur.ini
---
apiVersion: v1
kind: Service
metadata:
  name: mumble-service
spec:
  selector:
    app: mumble
  ports:
    - port: 64738
-- DaemonSlayer2048
kubernetes

1 Answer

12/31/2021

command: ["sh", "-c", "chown -R 1000:1000 /srv/mumble"]

It is not the volume that is mounted as read-only; the ConfigMap is always mounted as read-only. Changing the command to:

command: ["sh", "-c", "chown 1000:1000 /srv/mumble"] will work.

-- gohm'c
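
To check which path under /srv/mumble is the read-only one that the answer above points to, the following added example (not part of the original question or answer) lists read-only mount points at or below a directory from Linux mountinfo data. The function names and the sample mount table are constructed for illustration; the sample paths and IDs are not taken from a real cluster.

```shell
#!/bin/sh
# Added example: find read-only mounts nested inside a writable volume.
# Field layout per proc(5): $5 = mount point, $6 = per-mount options.

# ro_mounts_under DIR [MOUNTINFO_FILE]
# Prints every mount point at or below DIR whose per-mount options include "ro".
# MOUNTINFO_FILE defaults to /proc/self/mountinfo (the caller's mount namespace).
ro_mounts_under() {
    dir=${1%/}
    awk -v dir="$dir" '
    {
        mp = $5
        # Keep only DIR itself and mounts nested below it.
        if (mp != dir && index(mp, dir "/") != 1) next
        # A bind mount can be "ro" here while the superblock options
        # after the " - " separator still say "rw", so test field 6 only.
        n = split($6, opts, ",")
        for (i = 1; i <= n; i++)
            if (opts[i] == "ro") { print mp; break }
    }' "${2:-/proc/self/mountinfo}"
}

# Constructed sample of what a container with the mounts from the question
# could see: a writable volume at /srv/mumble and a read-only file mount
# for config.ini inside it. IDs, devices and source paths are made up.
sample_mountinfo() {
    cat <<'EOF'
1400 1300 0:200 / / rw,relatime - overlay overlay rw
1401 1400 8:3 /var/lib/data /srv/mumble rw,relatime - xfs /dev/sda3 rw,attr2
1402 1401 8:3 /constructed/configmap/murmur.ini /srv/mumble/config.ini ro,relatime - xfs /dev/sda3 rw,attr2
1403 1400 0:201 / /proc/sys ro,nosuid - proc proc rw
EOF
}
```

Run inside the container as `ro_mounts_under /srv/mumble`, it reads the live mount table; any path it prints is one that a recursive chown would reach and fail on.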
Source: StackOverflow