Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

mkdir: cannot create directory '/bitnami/<chart>/data': Permission denied #22523

Closed
achar007 opened this issue Jan 19, 2024 · 4 comments
Closed

mkdir: cannot create directory '/bitnami/<chart>/data': Permission denied #22523

achar007 opened this issue Jan 19, 2024 · 4 comments
Assignees
@javsalgar
Labels
mariadb solved stale 15 days without activity tech-issues The user has a technical issue about an application triage Triage is needed

Comments

@achar007
Copy link

achar007 commented Jan 19, 2024
edited

Name and Version

bitnami/mariadb

What architecture are you using?

amd64

What steps will reproduce the bug?

Attempting to install MariaDB using Helm on a K8s cluster.
Successful installation using the provided Helm command.
I had created a Persistent Volume (PV) using the manifest file below:

apiVersion: v1
kind: PersistentVolume
metadata:
  name: nfs-pv
spec:
  capacity:
    storage: 20Gi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Recycle
  storageClassName: nfs-pc
  mountOptions:
    - hard
    - nfsvers=4.1
  nfs:
    path: /nfs/data
    server: 192.168.56.1

kubectl apply -f pv.yml

helm install my-mariadb bitnami/mariadb -n my-mariadb

MariaDB pod fails to come up healthy due to volume permissions issue.

kubectl -n my-mariadb logs pods/my-mariadb-0 
mariadb 13:58:45.97 INFO  ==> 
mariadb 13:58:45.98 INFO  ==> Welcome to the Bitnami mariadb container
mariadb 13:58:45.98 INFO  ==> Subscribe to project updates by watching https://github.com/bitnami/containers
mariadb 13:58:45.98 INFO  ==> Submit issues and feature requests at https://github.com/bitnami/containers/issues
mariadb 13:58:45.98 INFO  ==> 
mariadb 13:58:45.99 INFO  ==> ** Starting MariaDB setup **
mariadb 13:58:46.00 INFO  ==> Validating settings in MYSQL_*/MARIADB_* env vars
mariadb 13:58:46.02 INFO  ==> Initializing mariadb database
mkdir: cannot create directory '/bitnami/mariadb/data': Permission denied

What values I need to change to fix this permission issue.

Attempted to set volume permissions with Helm install command:

helm install my-mariadb bitnami/mariadb --set volumePermissions.enabled=true -n my-mariadb

However, the init container for changing permissions fails.

kubectl get pods -n my-mariadb 
NAME           READY   STATUS                  RESTARTS        AGE
my-mariadb-0   0/1     Init:CrashLoopBackOff   7 (2m54s ago)   14m

kubectl logs my-mariadb-0 -c volume-permissions --namespace my-mariadb
chown: changing ownership of '/bitnami/mariadb': Operation not permitted

Are you using any custom parameters or values?

I followed the documentation -

https://docs.bitnami.com/kubernetes/faq/troubleshooting/troubleshooting-helm-chart-issues/

--set volumePermissions.enabled=true

What is the expected behavior?

No response

What do you see instead?

MariaDB pod fails to initialize due to permission issues.

kubectl -n my-mariadb logs pods/my-mariadb-0 
mariadb 13:58:45.97 INFO  ==> 
mariadb 13:58:45.98 INFO  ==> Welcome to the Bitnami mariadb container
mariadb 13:58:45.98 INFO  ==> Subscribe to project updates by watching https://github.com/bitnami/containers
mariadb 13:58:45.98 INFO  ==> Submit issues and feature requests at https://github.com/bitnami/containers/issues
mariadb 13:58:45.98 INFO  ==> 
mariadb 13:58:45.99 INFO  ==> ** Starting MariaDB setup **
mariadb 13:58:46.00 INFO  ==> Validating settings in MYSQL_*/MARIADB_* env vars
mariadb 13:58:46.02 INFO  ==> Initializing mariadb database
mkdir: cannot create directory '/bitnami/mariadb/data': Permission denied
kubectl get pods -n my-mariadb 
NAME           READY   STATUS                  RESTARTS        AGE
my-mariadb-0   0/1     Init:CrashLoopBackOff   7 (2m54s ago)   14m

kubectl logs my-mariadb-0 -c volume-permissions --namespace my-mariadb
chown: changing ownership of '/bitnami/mariadb': Operation not permitted

Additional information

No response
@achar007 achar007 added the tech-issues The user has a technical issue about an application label Jan 19, 2024
@github-actions github-actions bot added the triage Triage is needed label Jan 19, 2024
@achar007
Copy link
Author

achar007 commented Jan 20, 2024
edited

is this because the initContainer running as USER 1001 doesn't have permission to change the ownership as per the container dockerfile - https://github.com/bitnami/containers/blob/main/bitnami/os-shell/11/debian-11/Dockerfile#L51
If so should this image needs to run as root ?

@carrodher
Copy link
Member

Bitnami containers are designed to operate as non-root by default. Consequently, any files or directories used by the application should be owned by the root group, as the random user (1001 by default) is a member of this root group. To ensure proper permissions, you'll need to adjust the ownership of your local directory accordingly.

For more comprehensive information about non-root containers and their significance for security, you can explore the following resources:

These references provide valuable insights into the best practices and considerations when working with non-root containers in Bitnami applications.

@github-actions GitHub Actions
Copy link

github-actions bot commented Feb 5, 2024

This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.

@github-actions github-actions bot added the stale 15 days without activity label Feb 5, 2024
@github-actions GitHub Actions
Copy link

Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.

@bitnami-bot bitnami-bot closed this as not planned Won't fix, can't repro, duplicate, stale Feb 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@javsalgar javsalgar

Labels
mariadb solved stale 15 days without activity tech-issues The user has a technical issue about an application triage Triage is needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@javsalgar @bitnami-bot @carrodher @achar007