mkdir /data/attachments: permission denied #135
Reference: gitea/helm-chart#135
Describe the issue
When redeploying the gitea chart, it suddenly started complaining about not being able to create the directory /data/attachments because permissions are denied. This is after I removed the PVC & PV from the K8s cluster. So a full clean install basically.
Last week it ran, no problem, on 1.13.2.
Version
Running chart v2.2.2
Tested on chart v2.2.3 as well, same problem
Tested on Gitea 1.13.2, 1.13.4, 1.13.5, 1.13.6 all have the same problem
Log:
Workaround:
Add chmod 777 /data to https://gitea.com/gitea/helm-chart/src/branch/master/templates/gitea/init.yaml#L18
But this could pose security issues.
And not sure how this would work/interfere with the upcoming 1.14 release
I have got the same issue with Gitea v1.13.7. The workaround does not work in my case.
@Dunky13 @skriesch Which k8s distribution are both of you using, and what storage provider are you using for your PVs?
I am using local storage (on EC2) on my Kubernetes node on AWS.
I am using Docker in combination with Kubernetes (Rancher) on Ubuntu.
Docker version: 17.03.2-ce
Kubernetes version: v1.13.4
Linux: Ubuntu 16.04.7 LTS
My PV file for PersistentVolume (Storage Class created before):
The PVC:
K8s: 1.19.6 on AWS
Storage provider is AWS EBS with gp2 storage class
Can you provide the output of ls -la /data?
Also your helm chart values would be helpful
I am able to deploy gitea with persistence not enabled (but with persistence enabled for postgresql). That is the output of ls -la /data then:
One hint: I had problems with volumePermissions at PostgreSQL before, too. I have fixed that with the following additional values. I tried that for gitea without success:
Reference for the permission issue fix: PostgreSQL Helm Blog
My values.yaml:
volumePermissions is bitnami specific and not implemented in the gitea helm chart. Anyways I'll have a look into this issue
Ok, so it seems that some storageClasses have issues with securityContext.fsGroup, which is used to mount as group git, which allows the container to access /data properly.
I could recreate this issue by using hostPath storage, which completely ignores the fsGroup. However, I can't reproduce this on AWS since I don't have an account to test the storage.
My current solution is quite similar to @Dunky13's chmod, but I use chown 1000:1000 on /data, which only allows the git user to access the directory. This should also be okay with the 1.14 version.
Should be fixed with #144
I have tested this fix. It does not work with hostPath. Perhaps I should switch to gp2.
Weird, I tested with hostPath and it worked fine. Can you show your storage class?
That could be my problem. I thought I would be using an existing StorageClass by our team:
Thank you for the hint!
I have created the storageClass now:
But I am receiving the same error message...
My storage class configuration:
Sorry! That was my mistake. I have tried the stable branch instead of the fix. Yes. It is working now with a local clone of your fix.
Thank you!
merged #144
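The thread contrasts two ways of making /data writable: chmod 777, which opens it to every user, and chown 1000:1000, which hands it to the git user only. The following is an added example, not code from the chart or from #144: a POSIX shell check that tells the two states apart on a mounted volume. The function names are hypothetical and the 1000:1000 default is assumed from the thread.

```shell
#!/bin/sh
# Added example, not from the gitea helm chart. Function names are
# hypothetical; the 1000:1000 default is the "chown 1000:1000" from the thread.

# check_data_dir DIR [UID] [GID] prints one verdict:
#   missing         DIR does not exist
#   world-writable  every local user may write (what chmod 777 leaves behind)
#   wrong-owner     not owned by UID:GID (e.g. fsGroup ignored by the volume)
#   ok              owned by UID:GID and not writable by others
check_data_dir() {
    dir=$1
    want_uid=${2:-1000}
    want_gid=${3:-1000}
    [ -d "$dir" ] || { echo missing; return 0; }
    # ls -ldn gives numeric ids: "drwxr-x--- 2 1000 1000 4096 ... /data"
    read -r perms _links uid gid _rest <<EOF
$(ls -ldn "$dir")
EOF
    # Character 9 of the mode string is the write bit for "other".
    case $perms in
        ????????w*) echo world-writable; return 0 ;;
    esac
    if [ "$uid" != "$want_uid" ] || [ "$gid" != "$want_gid" ]; then
        echo wrong-owner
        return 0
    fi
    echo ok
}

# fix_data_dir DIR [UID] [GID]: hand the directory to the service account
# and drop write access for everyone else, instead of opening it to all.
fix_data_dir() {
    chown "${2:-1000}:${3:-1000}" "$1" && chmod o-w "$1"
}

# Usage as a script: ./check.sh /data 1000 1000
if [ "$#" -gt 0 ]; then
    check_data_dir "$@"
fi
```

Run against a volume where the chmod 777 workaround was applied, the check reports world-writable until fix_data_dir (or an equivalent init step running with sufficient privileges) has been run.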