  1. Artifactory Binary Repository
  2. RTFACT-18609

Kubernetes persistentvolume permissions using Rook

    Details

    • Type: Bug
    • Status: Open
    • Priority: Blocker
    • Resolution: Unresolved
    • Affects Version/s: 6.8.3
    • Fix Version/s: None
    • Labels:
      None
    • Environment:

      Description

      I am attempting to follow the guide found here on getting Artifactory running on Kubernetes:

      https://github.com/jfrog/artifactory-docker-examples/tree/master/kubernetes

      The issue I am getting is that the persistentVolume is mounted to the container with root privileges, and the permission checks fail when the artifactory container starts.

      $ kubectl create -f artifactory-oss.yml
      deployment.extensions/artifactory-k8s-deployment created
      service/artifactory created
      $ kubectl logs -f artifactory-k8s-deployment-b8b9bb5fd-klkh6
      Error from server (BadRequest): container "artifactory-oss-k8s" in pod "artifactory-k8s-deployment-b8b9bb5fd-klkh6" is waiting to start: ContainerCreating
      $ kubectl logs -f artifactory-k8s-deployment-b8b9bb5fd-klkh6
      2019-02-26 20:08:18 [456 entrypoint-artifactory.sh] Preparing to run Artifactory in Docker
      2019-02-26 20:08:18 [457 entrypoint-artifactory.sh] Running as uid=1030(artifactory) gid=1030(artifactory) groups=1030(artifactory)
      2019-02-26 20:08:18 [49 entrypoint-artifactory.sh] Dockerfile for this image can found inside the container.
      2019-02-26 20:08:18 [50 entrypoint-artifactory.sh] To view the Dockerfile: 'cat /docker/artifactory-oss/Dockerfile.artifactory'.
      2019-02-26 20:08:18 [55 entrypoint-artifactory.sh] Checking open files and processes limits
      2019-02-26 20:08:18 [58 entrypoint-artifactory.sh] Current max open files is 1048576
      2019-02-26 20:08:18 [70 entrypoint-artifactory.sh] Current max open processes is unlimited
      2019-02-26 20:08:18 [198 entrypoint-artifactory.sh] Setting up Artifactory data directories if missing
      2019-02-26 20:08:19 [169 entrypoint-artifactory.sh] Testing directory /var/opt/jfrog/artifactory has read/write permissions for user 'artifactory' (id 1030)
      /entrypoint-artifactory.sh: line 138: /var/opt/jfrog/artifactory/lost+found/test-permissions: Permission denied
      2019-02-26 20:08:19 [187 entrypoint-artifactory.sh] ###########################################################
      2019-02-26 20:08:19 [188 entrypoint-artifactory.sh] /var/opt/jfrog/artifactory DOES NOT have proper permissions for user 'artifactory' (id 1030)
      2019-02-26 20:08:19 [189 entrypoint-artifactory.sh] Directory: /var/opt/jfrog/artifactory, permissions: 2775, owner: root, group: artifactory
      2019-02-26 20:08:19 [190 entrypoint-artifactory.sh] Mounted directory must have read/write permissions for user 'artifactory' (id 1030)
      2019-02-26 20:08:19 [191 entrypoint-artifactory.sh] ###########################################################
      2019-02-26 20:08:19 [39 entrypoint-artifactory.sh] ERROR: Directory /var/opt/jfrog/artifactory has bad permissions for user 'artifactory' (id 1030)

       

      I have attempted to modify the artifactory.yml file to use a securityContext to mount the drive with gid=1030 (artifactory), which isn't working.

       

      $ cat artifactory-oss.yml
      apiVersion: extensions/v1beta1
      kind: Deployment
      metadata:
        name: artifactory-k8s-deployment
      spec:
        replicas: 1
        template:
          metadata:
            labels:
              app: artifactory-oss-k8s
              group: artifactory-k8s-demo
          spec:
            securityContext:
              runAsUser: 1030
              fsGroup: 1030
            containers:
            - name: artifactory-oss-k8s
              image: docker.bintray.io/jfrog/artifactory-oss:6.8.3
              env:
              - name: DB_TYPE
                value: postgresql

      --SNIP--

      This isn't helping/working.

      I know things are working, as the postgres container started up and performed the necessary changes to get the mount point permission fixed. Within the postgresql container, the process is running as postgres with permissions set correctly on the mount point:

      root@postgresql-k8s-deployment-68bfd894dd-hwrsb:/# ls -lah /var/lib/postgresql/
      total 12K
      drwxr-xr-x 1 postgres postgres 4.0K Nov 16 06:07 .
      drwxr-xr-x 1 root root 4.0K Nov 16 06:06 ..
      drwx------ 19 postgres root 4.0K Feb 26 17:44 data

      This should be addressed so this published deployment works.
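
The log in this report shows the mount root as mode 2775, owner root, group artifactory, while the denied write is under lost+found. The following diagnostic is an added example, not code from JFrog or the reporter: it lists every directory under a mount that a given uid/gid cannot write to, judged from owner, group and mode bits only. The function names are hypothetical, and it assumes GNU find/stat and no ACLs.

```bash
#!/usr/bin/env bash
# Added example: list directories under a mount that a uid/gid cannot write to,
# judged from owner, group and mode bits only (no ACLs, no capabilities).

# can_write UID GID MODE OWNER_UID OWNER_GID
# Succeeds if a process with that uid and group may create files in a
# directory with the given octal MODE (as printed by `stat -c %a`).
can_write() {
  local uid=$1 gid=$2 mode=$3 o_uid=$4 o_gid=$5 perm bits
  [ "$uid" -eq 0 ] && return 0          # root bypasses mode bits
  perm=$(( 0$mode & 0777 ))             # leading 0 => octal; drop setuid/setgid/sticky
  if [ "$uid" -eq "$o_uid" ]; then
    bits=$(( (perm >> 6) & 7 ))         # owner class
  elif [ "$gid" -eq "$o_gid" ]; then
    bits=$(( (perm >> 3) & 7 ))         # group class (e.g. the pod's fsGroup)
  else
    bits=$(( perm & 7 ))                # other class
  fi
  [ $(( bits & 3 )) -eq 3 ]             # need write (2) and search (1)
}

# audit_mount DIR UID GID
# Prints one line per non-writable directory; returns 1 if any was found.
# Assumes GNU find/stat and paths without newlines.
audit_mount() {
  local dir=$1 uid=$2 gid=$3 bad=0 list mode o_uid o_gid path
  list=$(find "$dir" -type d -exec stat -c '%a %u %g %n' {} + 2>/dev/null) || true
  while read -r mode o_uid o_gid path; do
    [ -n "$path" ] || continue
    if ! can_write "$uid" "$gid" "$mode" "$o_uid" "$o_gid"; then
      printf 'NOT WRITABLE for %s:%s: %s (mode %s, owner %s, group %s)\n' \
        "$uid" "$gid" "$path" "$mode" "$o_uid" "$o_gid"
      bad=1
    fi
  done <<EOF
$list
EOF
  return "$bad"
}

# Usage inside the container, with the uid/gid from the log above:
#   audit_mount /var/opt/jfrog/artifactory 1030 1030
```

A directory reported here is one where the entrypoint's write test would be denied for that uid/gid; comparing the output before and after changing the pod's securityContext shows which paths the change actually affected.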

       


            People

            • Assignee:
              Unassigned
              Reporter:
              andrewjkrull Andrew