non root user can't use mounted longhorn block device in kube #226

Open
mosinnik opened this issue Jun 28, 2024 · 1 comment
@mosinnik

Default storage cfg.

On the storage pod, on starting, I got:

```
:BS_PDISK CRIT: PDiskId# 1 BlockDevice initialization error! Can't open file "/dev/kikimr_ssd_00": not enough rights. Marker# BPD39
:BS_PDISK CRIT: PDiskId# 1 bootstrapped to the StateError, reason# Can't open file "/dev/kikimr_ssd_00": not enough rights. Can not be initialized Config: {TPDiskConfg Path# "/dev/kikimr_ssd_00" Expected.......
```

Inside the pod, ydb runs as the ydb user, but the device is mapped/mounted for root without additional rights for the ydb user:

```
ydb@storage-sample-7:/$ ls -l /dev/kikimr_ssd_00 
brw-rw----. 1 root root 8, 128 Jun 28 14:22 /dev/kikimr_ssd_00
```

It is related to longhorn/longhorn#8088 with workarounds.
So we need to be able to set up securityContext for pods in the operator manifest or remove `runAsNonRoot: true`.

operator 0.5.16
kube: 1.27.4

@mosinnik mosinnik added the bug Something isn't working label Jun 28, 2024
@mosinnik mosinnik changed the title non root user can't use mounted block device in kube non root user can't use mounted longhorn block device in kube Jul 3, 2024
@kobzonega kobzonega added enhancement New feature or request and removed bug Something isn't working labels Aug 11, 2024
@kobzonega
Contributor

kobzonega commented Aug 11, 2024

@mosinnik

> It is related to longhorn/longhorn#8088 with workarounds.

I think it's a Longhorn bug with mounting as root with super privileges instead of using the disk group. From what I see, that bug was already fixed by this PR: longhorn/longhorn-engine#1043. Please try to update this component.

> So we need to be able to set up securityContext for pods in the operator manifest or remove `runAsNonRoot: true`.

In most cases its securityContext configuration allows you to run the YDB cluster correctly while respecting the security restrictions. It would probably be a good enhancement if we found enough cases where it would be useful. In this case it's not a bug of ydb-operator.
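
The permission failure discussed in this thread, as an added diagnostic sketch (not code from the issue, ydb-operator or Longhorn): it applies the kernel's owner/group/other check to a device node, so you can see which group membership a non-root process is missing. The uid 1000 and the disk gid 6 are constructed values; it assumes a `stat` that supports `-c` and no ACLs or extra capabilities.

```bash
#!/bin/sh
# Added example: POSIX permission-class check for a device node.
# Assumption: non-root users hold no CAP_DAC_OVERRIDE and the node has no ACLs.

# can_rw UID "GID LIST" OWNER_UID OWNER_GID OCTAL_MODE
# Prints the permission class that applies; returns 0 if read+write is granted.
can_rw() {
  cr_uid=$1 cr_gids=$2 cr_owner=$3 cr_group=$4
  cr_mode=$((0$5))                      # leading 0 makes the constant octal
  if [ "$cr_uid" -eq 0 ]; then echo "root"; return 0; fi
  if [ "$cr_uid" -eq "$cr_owner" ]; then
    # The owner class wins even when the group bits would grant more.
    cr_class=owner; cr_bits=$(( (cr_mode >> 6) & 7 ))
  else
    cr_class=other; cr_bits=$(( cr_mode & 7 ))
    for cr_g in $cr_gids; do            # unquoted on purpose: split the list
      if [ "$cr_g" -eq "$cr_group" ]; then
        cr_class=group; cr_bits=$(( (cr_mode >> 3) & 7 )); break
      fi
    done
  fi
  echo "$cr_class"
  [ $(( cr_bits & 6 )) -eq 6 ]          # 6 = read (4) + write (2)
}

# check_device PATH: run the check for the current process, e.g. inside the pod.
check_device() {
  cd_stat=$(stat -c '%u %g %a' "$1") || return 2
  set -- "$1" $cd_stat                  # $2=owner uid, $3=owner gid, $4=mode
  if can_rw "$(id -u)" "$(id -G)" "$2" "$3" "$4" >/dev/null; then
    echo "$1: uid $(id -u) can open read-write"
  else
    echo "$1: uid $(id -u) groups [$(id -G)] lack rw; node is $2:$3 mode $4"
    return 1
  fi
}

# Constructed cases: the node from the issue (root:root, mode 660) seen by a
# non-root uid 1000, then the same node owned by a hypothetical disk group
# (gid 6) that the process has as a supplemental group.
can_rw 1000 "1000" 0 0 660 || echo "-> denied"
can_rw 1000 "1000 6" 0 6 660 && echo "-> allowed"
```

Inside the pod, `check_device /dev/kikimr_ssd_00` reports the same decision for the running user against the real node.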
