BZ#1601757 - added considerations for using MySQL and PostgreSQL with azure file #10930
@tanaka-takayoshi PTAL
@gaurav-nelson It looks good to me. However, I'd like some MySQL/PostgreSQL expert to review it. If you know suitable persons, please let them know.
@hhorak
The preview will be available shortly at:
@tanaka-takayoshi The data of the database shouldn't be readable by others, and also the executable flag is not necessary for files. The group read-write is used for cases when user specifies a random UID, docker sets GUID to 0. So, if this trick with GUID 0 is not necessary, I'd say what should be enough is directory permission 0700 and file permission 0600 -- at least that should be enough if the container runs with the same UID as the volume directory. I'm not able to verify though, whether this is working for the NFS/Azure use case, that's something way beyond my ability to check.
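One way to check an existing database directory against the 0700/0600 and matching-UID conditions from the comment above, and for the symbolic links the documentation change says Azure File does not support. This is an added example, not code from the pull request or its participants; `audit_data_dir`, `build_sample` and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

DIR_MODE = 0o700   # owner-only directory
FILE_MODE = 0o600  # owner-only file, no executable bit


def audit_data_dir(root, expected_uid):
    """Return sorted (relative path, problem) pairs for entries under root."""
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    findings = []
    for path in paths:
        st = os.lstat(path)  # lstat: report the link itself, not its target
        rel = os.path.relpath(path, root)
        if stat.S_ISLNK(st.st_mode):
            findings.append((rel, "symbolic link"))
            continue
        allowed = DIR_MODE if stat.S_ISDIR(st.st_mode) else FILE_MODE
        extra = stat.S_IMODE(st.st_mode) & ~allowed
        if extra:
            findings.append((rel, f"extra permission bits {extra:04o}"))
        if st.st_uid != expected_uid:
            findings.append((rel, f"owner uid {st.st_uid}, expected {expected_uid}"))
    return sorted(findings)


def build_sample(parent):
    """Constructed sample tree: one tight file, one too-open file, one symlink."""
    data = os.path.join(parent, "data")
    os.mkdir(data)
    os.chmod(data, DIR_MODE)
    for name, mode in (("ok.db", 0o600), ("open.db", 0o664)):
        path = os.path.join(data, name)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)
    os.symlink("ok.db", os.path.join(data, "link.db"))
    return data


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, problem in audit_data_dir(build_sample(tmp), os.geteuid()):
            print(f"{rel}: {problem}")
```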
@hhorak Thanks for that.
96c3b9d to f193629
Thanks @tanaka-takayoshi @hhorak
.Considerations when using MySQL and PostgresSQL with Azure file | ||
* The owner UID of the Azure File mounted directory is different from the UID of a container. | ||
* Both MySQL and PostgreSQL containers change the file owner permission in the mounted directory. Because of the mismatch between the owner UID and container process UID, this operation fails. Therefore to run MySQL with Azure File: | ||
** Specify the UID in `runAsUser` variable in the pod specification file. |
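Review bot: the title line spells "PostgresSQL" while the bullets below it use "PostgreSQL", and the lead-in "Therefore to run MySQL with Azure File:" names only MySQL right after a sentence about both MySQL and PostgreSQL containers. Fix the spelling in the title, and either name both databases in the lead-in or state explicitly that the two steps apply to MySQL only.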
s/in `runAsUser` variable/in the `runAsUser` variable
securityContext: | ||
runAsUser: 1000125000 | ||
---- | ||
** Specify the `uid` in mount options: |
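Review bot: `runAsUser: 1000125000` is shown as a bare literal, and the next step, "Specify the `uid` in mount options:", does not say that its value has to be the same UID. Since the first bullet attributes the failure to a mismatch between the owner UID and the container process UID, state that 1000125000 is an example value and that the `uid` mount option must match whatever `runAsUser` is set to.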
Is this also in the pod spec? And because consistency, maybe: Specify the UID in the `mountOptions` stanza [in the pod specification file?]:
- gid=0 | ||
---- | ||
|
||
* Azure File does not support link:https://docs.microsoft.com/en-us/rest/api/storageservices/features-not-supported-by-the-azure-file-service[symbolic link]. Therefore when PostgreSQL creates a symbolic link in the Azure File directory, the pod fails to start. |
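Review bot: the mount options end with `gid=0` and the text gives no reason why group 0 should own the database files. Say when that setting is needed and which directory and file modes go with it, so readers do not grant group access to the data without a reason. Separately, the link text "symbolic link" should read "symbolic links".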
This makes it sound like it will happen and there's nothing you can do about it. Should it be "If PostgreSQL creates a symbolic link, the pod will fail"? Is there a way around this?
@gaurav-nelson I made some comments and asked some tough questions...
f193629 to 90669ca
@gaurav-nelson - added enterprise-3.11 as a reminder.
90669ca to a7c0fe3
Updated for PostgreSQL based on sclorg/postgresql-container#286 (comment)
/cherrypick enterprise-3.9
/cherrypick enterprise-3.10
/cherrypick enterprise-3.11
@gaurav-nelson: new pull request created: #11375
@gaurav-nelson: new pull request created: #11376
@gaurav-nelson: new pull request created: #11377
For https://bugzilla.redhat.com/show_bug.cgi?id=1601757