FSGroup and fsGroupChangePolicy not supported with ReadWriteOncePod AccessMode #1982
Comments
Hi @GDegrove - the EBS CSI Driver is not responsible for managing/applying the pod's
Upon further inspection, it appears this behavior in Kubernetes is intentional when the https://github.com/kubernetes/kubernetes/blob/95a6f2e4dcc2801612933707b05d31609744ada7/pkg/volume/csi/csi_mounter.go#L474-L476 We did change the default back because of issue #1365 - but this change has not been applied to the EKS Addon version of the driver due to a limitation in the EKS Addons service. Thus, you should be able to resolve this issue by either:
We're aware this is a subpar experience for EKS Addon users and are looking to change the default on the EKS Addons version of the driver too, but I don't have any ETA on that at the moment.

@ConnorJC3 based on k8s docs for pod security context, since k8s v1.26 the process of setting file ownership and permissions based on the fsGroup specified in the securityContext will be performed by the CSI driver instead of Kubernetes. Is this not the case yet and are we still depending on Kubernetes for managing

The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale

/remove-lifecycle stale
/status lifecycle/frozen

This seems like a bug in k8s. Even for default
/transfer kubernetes

Filed - kubernetes/kubernetes#127170 for fixing this in k8s.

/kind bug

Hello,
I think I've found a bug with the new ReadWriteOncePod access mode in the latest EBS CSI driver.

What happened?
When deploying a statefulset, I realized that the ReadWriteOncePod access mode does not respect fsGroup and fsGroupChange. When using that access mode, the disk is mounted with root:root owner and the process cannot write into the disk.

What you expected to happen?
The volume is mounted into the pod with the right mode, and the process can write to the disks.

How to reproduce it (as minimally and precisely as possible)?
Same experiment with ReadWriteOnce:
update pod:
Check:

Anything else we need to know?:

Environment
kubectl version): v1.28.6-eks-508b6b3
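
An added example, not part of the original issue or the driver's code: a small audit that flags StatefulSets pairing a pod-level fsGroup with a ReadWriteOncePod volume claim, the combination reported above as mounted root:root. The input shape follows `kubectl get statefulsets -A -o json`; the sample objects and the function name `find_affected` are constructed for illustration, and whether a flagged workload is actually affected depends on the driver configuration discussed in the comments.

```python
import json

# Constructed sample shaped like `kubectl get statefulsets -A -o json` output.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"namespace": "demo", "name": "db-rwop"},
   "spec": {
     "template": {"spec": {"securityContext":
       {"fsGroup": 1000, "fsGroupChangePolicy": "OnRootMismatch"}}},
     "volumeClaimTemplates": [
       {"metadata": {"name": "data"},
        "spec": {"accessModes": ["ReadWriteOncePod"]}}]}},
  {"metadata": {"namespace": "demo", "name": "db-rwo"},
   "spec": {
     "template": {"spec": {"securityContext": {"fsGroup": 1000}}},
     "volumeClaimTemplates": [
       {"metadata": {"name": "data"},
        "spec": {"accessModes": ["ReadWriteOnce"]}}]}},
  {"metadata": {"namespace": "demo", "name": "cache-rwop-nofsgroup"},
   "spec": {
     "template": {"spec": {}},
     "volumeClaimTemplates": [
       {"metadata": {"name": "data"},
        "spec": {"accessModes": ["ReadWriteOncePod"]}}]}}
]}
""")


def find_affected(statefulset_list):
    """Return (namespace, statefulset, claim) for every volume claim template
    that uses ReadWriteOncePod while the pod template sets fsGroup."""
    hits = []
    for sts in statefulset_list.get("items", []):
        spec = sts.get("spec", {})
        pod_spec = spec.get("template", {}).get("spec", {})
        pod_sc = pod_spec.get("securityContext") or {}
        if pod_sc.get("fsGroup") is None:
            continue  # no fsGroup requested, so no ownership change is expected
        for claim in spec.get("volumeClaimTemplates") or []:
            modes = claim.get("spec", {}).get("accessModes") or []
            if "ReadWriteOncePod" in modes:
                meta = sts["metadata"]
                hits.append((meta.get("namespace", "default"),
                             meta["name"], claim["metadata"]["name"]))
    return hits


if __name__ == "__main__":
    for ns, name, claim in find_affected(SAMPLE):
        print(f"{ns}/{name}: claim '{claim}' is ReadWriteOncePod with fsGroup set")
```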