...
| Code Block |
|---|
NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS VOLUMEATTRIBUTESCLASS REASON AGE fss-pv 1Gi RWX Delete Available <unset> 9s |
Pod cannot access file system due to insufficient permissions
When a pod attempts to access a persistent volume (PV) backed by a file system in the File Storage service, the attempt might fail with a "Permission Denied" message.
This is because the volume is only accessible to processes running as root. As a result, a pod that is not running as root receives the "Permission Denied" message when attempting to access a directory or file in the mounted volume.
To resolve the "Permission Denied”, follow these steps:
Obtain the CSIDriver configuration file
| Code Block |
|---|
kubectl get csiDriver fss.csi.oraclecloud.com -o yaml > fss_csi_driver.yaml |
Edit the fss_csi_driver.yaml file and change the CSIDriver object's
spec.fsGroupPolicyattribute fromReadWriteOnceWithFSTypetoFile. For example,
| Code Block |
|---|
kind: CSIDriver
metadata:
creationTimestamp: "<timestamp>"
name: fss.csi.oraclecloud.com
resourceVersion: "<version>"
uid: <identifier>
spec:
attachRequired: false
fsGroupPolicy: File
podInfoOnMount: false
requiresRepublish: false
storageCapacity: false
volumeLifecycleModes:
- Persistent |
Delete the existing CSIDriver object
| Code Block |
|---|
kubectl delete csiDriver fss.csi.oraclecloud.com |
Create the new CSIDriver object from fss_csi_driver.yaml
| Code Block |
|---|
kubectl apply -f fss_csi_driver.yaml |
For more information, please refer to the Troubleshooting File Storage Service Provisioning of PVCs
oci-native-ingress-controller
...
Create a config file named user-auth-config.yaml, containing credential information, in the following format:
| Code Block | language | bash
|---|
auth: region: <region-identifier> user: <user-ocid> fingerprint: <fingerprint> tenancy: <tenancy-ocid> |
...