...
Code Block | ||
---|---|---|
| ||
ALLOW any-user to use virtual-network-family in compartment <compartment-name> where request.principal.type = 'cluster' |
Update Default CSI Driver
When a pod attempts to access a persistent volume (PV) backed by a file system in the File Storage service, the attempt might fail with a "Permission Denied" message.
This is because the volume is only accessible to processes running as root. As a result, a pod that is not running as root receives the "Permission Denied" message when attempting to access a directory or file in the mounted volume.
To resolve the "Permission Denied”, follow these steps:
Obtain the CSIDriver configuration file
Code Block |
---|
kubectl get csiDriver fss.csi.oraclecloud.com -o yaml > fss_csi_driver.yaml |
Edit the fss_csi_driver.yaml file and change the CSIDriver object's
spec.fsGroupPolicy
attribute fromReadWriteOnceWithFSType
toFile
. For example,
Code Block |
---|
kind: CSIDriver
metadata:
creationTimestamp: "<timestamp>"
name: fss.csi.oraclecloud.com
resourceVersion: "<version>"
uid: <identifier>
spec:
attachRequired: false
fsGroupPolicy: File
podInfoOnMount: false
requiresRepublish: false
storageCapacity: false
volumeLifecycleModes:
- Persistent |
Delete the existing CSIDriver object
Code Block |
---|
kubectl delete csiDriver fss.csi.oraclecloud.com |
Create the new CSIDriver object from fss_csi_driver.yaml
Code Block |
---|
kubectl apply -f fss_csi_driver.yaml |
For more information, please refer to the Troubleshooting File Storage Service Provisioning of PVCs
Provisioning of PVC
User can use the File Storage service to provision persistent volume claims (PVCs) in two ways:
...