Bug 1571211 - [RFE][CephFS Provisioner] Allow non-privileged Pods to write CephFS volumes
Keywords:
Status: CLOSED DEFERRED
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Storage
Version: 3.10.0
Hardware: Unspecified
OS: Unspecified
medium
low
Target Milestone: ---
: 3.10.z
Assignee: hchen
QA Contact: Liang Xia
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2018-04-24 10:19 UTC by Jianwei Hou
Modified: 2019-11-20 19:10 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-11-20 19:10:08 UTC
Target Upstream Version:



Description Jianwei Hou 2018-04-24 10:19:38 UTC
Description of problem:
The volumes provisioned by the CephFS provisioner only allow the root user to write. That means only a privileged Pod could write to a CephFS volume created by the provisioner.

Version-Release number of selected component (if applicable):
openshift v3.10.0-0.22.0
kubernetes v1.10.0+b81c8f8

How reproducible:
Always

Steps to Reproduce:
1. Deploy CephFS provisioner, create storageclass, PVC and Pod
2. Write to CephFS volume

Actual results:
Volume is mounted successfully, but the user cannot write in the mount directory unless the Pod is created privileged.

/ $ ls /mnt/cephfs/ -dl
drwxr-xr-x    1 root     root             0 Apr 24 09:51 /mnt/cephfs/
/ $ id
uid=1000100000 gid=0(root) groups=1000100000

Expected results:
Allow writes for non-privileged Pods

Master Log:

Node Log (of failed PODs):

PV Dump:

PVC Dump:

StorageClass Dump (if StorageClass used by PV/PVC):

Additional info:

Comment 1 hchen 2018-04-24 15:30:45 UTC
Per chat with John, we can make this happen at provisioning time. This requires a container image and storage class change, though.

Comment 3 Stephen Cuppett 2019-11-20 19:10:08 UTC
OCP 3.6-3.10 is no longer on full support [1]. Marking CLOSED DEFERRED. If you have a customer case with a support exception or have reproduced on 3.11+, please reopen and include those details. When reopening, please set the Target Release to the appropriate version where needed.

[1]: https://access.redhat.com/support/policy/updates/openshift
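
Added example, not part of the original bug report or of the provisioner's code: it replays the POSIX mode-bit check on the `ls -dl` and `id` output from the description to show which permission class the Pod's user falls into. It assumes plain mode bits only (no ACLs or SELinux), that the name `root` maps to id 0, and that uid 0 holds CAP_DAC_OVERRIDE; all function names are hypothetical.

```python
import re

# Sample input copied from the bug description.
LS_LINE = "drwxr-xr-x    1 root     root             0 Apr 24 09:51 /mnt/cephfs/"
ID_LINE = "uid=1000100000 gid=0(root) groups=1000100000"

# Assumption: the names printed by ls map to these numeric ids in the container.
NAME_TO_ID = {"root": 0}


def _leading_int(text):
    """'0(root)' -> 0, '1000100000' -> 1000100000."""
    return int(re.match(r"\d+", text).group())


def parse_ls(line):
    """Return (mode_string, owner_uid, group_gid) from one `ls -dl` line."""
    mode, _links, owner, group = line.split()[:4]
    return mode, NAME_TO_ID[owner], NAME_TO_ID[group]


def parse_id(line):
    """Return (uid, gid, supplementary_groups) from `id` output."""
    fields = dict(part.split("=", 1) for part in line.split())
    groups = {_leading_int(g) for g in fields["groups"].split(",")}
    return _leading_int(fields["uid"]), _leading_int(fields["gid"]), groups


def can_write(ls_line, id_line):
    """Return (allowed, permission_class) for a write to the listed directory."""
    mode, owner, group = parse_ls(ls_line)
    uid, gid, groups = parse_id(id_line)
    if uid == 0:
        # Simplification: uid 0 with CAP_DAC_OVERRIDE bypasses the mode bits.
        return True, "root"
    # Exactly one class is consulted: owner first, then group, then other.
    if uid == owner:
        cls = "owner"
    elif gid == group or group in groups:
        cls = "group"
    else:
        cls = "other"
    # Index of the write bit in the 10-character mode string.
    w_index = {"owner": 2, "group": 5, "other": 8}[cls]
    return mode[w_index] == "w", cls


if __name__ == "__main__":
    print(can_write(LS_LINE, ID_LINE))
```

The Pod's user matches the directory's group (gid 0), so only the group bits `r-x` are consulted and the write is refused even though the process is in the `root` group.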

