GitLab Shell: Need to set runAsGroup in the securityContext
Summary
I'm using StorageOS for persistent storage on Kubernetes.
I get the error that permission is denied when I use only the defaults runAsUser and fsGroup. When I add runAsGroup then write access is possible to persistent volumes.
Working Configuration
That is a diff between the original and the adjusted yaml in the chart.
gitlab-shell/templates/deployment.yaml
@@ -48,7 +48,6 @@ spec:
{{ toYaml .Values.init.resources | indent 12 }}
securityContext:
runAsUser: 1000
- runAsGroup: 1000
fsGroup: 1000
{{- include "pullsecrets" .Values.image | indent 6}}
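Review bot: the "-" on the runAsGroup: 1000 line, together with the hunk header -48,7 +48,6, shows the line being removed, while the summary says that adding runAsGroup is what makes the volume writable, so this diff appears to be generated in the reverse direction (adjusted file to original). Regenerate it with the original chart template as the old side so the line shows up as "+ runAsGroup: 1000". The group ID is also a literal 1000 next to the literal runAsUser and fsGroup, whereas the surrounding template reads from .Values; if this is proposed for the chart, consider whether the IDs should be configurable through values.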
Current behavior
The pod crashes because it cannot write files or cannot create folders.
Expected behavior
The pod is able to write files and to create folders.
For this it seems that runAsGroup is required.
Could the reason also be a too strict podSecurityPolicy?
Versions
- Chart: 2.2.6
- Platform:
  - Cloud: no
  - Self-hosted: Kubespray
- Kubernetes:
  - Client: 1.15.1
  - Server: 1.15.1
Edited by Jason Plum