-
Notifications
You must be signed in to change notification settings - Fork 139
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
rclone backup writes to root directory instead of mounted emptyDir #104
Comments
Hacky workaround: the
|
The latest image for |
That makes things less hacky, but a workaround is still required if
i.e. users still have to manually bind their backup volume, because this chart currently puts it at Not sure what our tolerance is for breaking changes to the rclone integration (it's pretty new), but I suspect that if we continue using |
The backup sidecar support was only added 25 days ago, so I think it's reasonable to make a breaking change now rather than perpetuate an awkward configuration. If you could PR something, then that would be great. |
Context
This chart creates an emptyDir (or, if backup persistence is enabled, a PVC) mount at the location given by
destDir
. Kubernetes sets the filesystem permissions automatically so thattar
backups can be written to this directory.The
destDir
option is doing double duty; forrclone
backups, it also specifies the location within the rclone bucket where backups will be uploaded.Issue
When
rclone
is selected as the backup method, the backup tar file is temporarily written to disk before being uploaded. However, the file is written in the current working directory, which defaults to/
. On some (all?) Kubernetes providers, the root directory is not writable to containers that have dropped privileges, so unless the container has been set to run as root, the temporary file cannot be written, and the backup fails.There's a few options for fixes:
destDir
; orrclone
temporary files todestDir
; and/orIt feels cleanest to decouple the two uses of
destDir
, but doing so could also be a breaking change for people who haverclone
backup already working via a root-privileged container.The text was updated successfully, but these errors were encountered: