[BR] Folder is not writable by user abc on K3s using longhorn about k8s-mediaserver-operator HOT 5 OPEN

kubealex commented on May 22, 2024

[BR] Folder is not writable by user abc on K3s using longhorn

from k8s-mediaserver-operator.

Comments (5)

davidfrickert commented on May 22, 2024 1

fsGroup seems to work.
edit deployments in the helm chart to include securityContext fsGroup, like so:

### DEPLOYMENT
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sonarr
  labels:
    {{- include "k8s-mediaserver.labels" . | nindent 4 }}
spec:
  strategy:
    type: Recreate
  replicas: 1
  selector:
    matchLabels:
      {{- include "k8s-mediaserver.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "k8s-mediaserver.selectorLabels" . | nindent 8 }}
        app: sonarr
    spec:
      securityContext:
        fsGroup: {{ .Values.general.pgid }}
      initContainers:
#(....)

an alternative is to add an init container that does chown but from my experience that is very clunky

from k8s-mediaserver-operator.

kubealex commented on May 22, 2024

Hi @agustinvinao, thank you for reporting this, do you mind sharing the k8s-mediaserver.yml you used for the setup? Thank you!

from k8s-mediaserver-operator.

agustinvinao commented on May 22, 2024

I've cloned the repo and Im using the origin yml file.

Something I've notice is I can use any folder with abc user (app, config, defaults and downloads). I've tried setting user and group 1000 but it doesn't work.

Im using another file for the ingress, currently have traefik accessing.

here is my values file (Im enabling and disabling differente apps for testing):

# Default values for k8s-mediaserver.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

general:
  ingress_host: media.codespacelabs.com
  plex_ingress_host: plex.codespacelabs.com
  image_tag: latest
  #UID to run the process with
  puid: 1000
  #GID to run the process with
  pgid: 1000
  #Persistent storage selections and pathing
  storage:
    customVolume: false  #set to true if not using a PVC (must provide volume below)
    pvcName: mediaserver-pvc
    size: 50Gi
    pvcStorageClass: longhorn
    accessMode: ""
    # the path starting from the top level of the pv you're passing. If your share is server.local/share/, then tv is server.local/share/media/tv
    subPaths:
      tv: media/tv
      movies: media/movies
      downloads: downloads
      transmission: transmission
      sabnzbd: sabnzbd
      config: config
    volumes: 
      hostPath:
        path: /mnt/share
  # ingress:
  #   ingressClassName: ""

sonarr:
  enabled: true
  container:
    image: docker.io/linuxserver/sonarr
    nodeSelector: {}
    port: 8989
  service:
    type: ClusterIP
    port: 8989
    nodePort:
    extraLBService: false
    # Defines an additional LB service, requires cloud provider service or MetalLB
  ingress:
    enabled: false
    annotations: {}
    path: /sonarr
    tls:
      enabled: true
      certResolver: leresolver
      # secretName: ""
  resources: {}
  volume: {}
    # name: pvc-sonarr-config
    # storageClassName: longhorn
    # storage: 5Gi
    # accessModes: ReadWriteOnce
    #annotations:
    #  my-annotation/test: my-value
    #labels:
    #  my-label/test: my-other-value
    #selector: {}

transmission:
  enabled: true
  container:
    image: docker.io/linuxserver/transmission
    nodeSelector: {}
    port:
      utp: 9091
      peer: 51413
  service:
    utp:
      type: ClusterIP
      port: 9091
      nodePort:
      # Defines an additional LB service, requires cloud provider service or MetalLB
      extraLBService: false
    peer:
      type: ClusterIP
      port: 51413
      nodePort:
      nodePortUDP:
      # Defines an additional LB service, requires cloud provider service or MetalLB
      extraLBService: false
  ingress:
    enabled: false
    annotations: {}
    path: /transmission
    tls:
      enabled: false
      secretName: ""
  config:
    auth:
      enabled: true
      username: "admin"
      password: "Chester848"
  resources: {}
  volume:
    name: pvc-transmission-config
    storageClassName: longhorn
    storage: 5Gi
    accessModes: ReadWriteOnce
  #  annotations: {}
  #  labels: {}
  #  selector: {}

radarr:
  enabled: false
  container:
    image: docker.io/linuxserver/radarr
    nodeSelector: {}
    port: 7878
  service:
    type: ClusterIP
    port: 7878
    nodePort:
    extraLBService: false
    # Defines an additional LB service, requires cloud provider service or MetalLB
  ingress:
    enabled: false
    annotations: {}
    path: /radarr
    tls:
      enabled: false
      secretName: ""
  resources: {}
  volume:
    name: pvc-radarr-config
    storageClassName: longhorn
    storage: 5Gi
    accessModes: ReadWriteOnce
    #annotations: {}
    #labels: {}
    #selector: {}

prowlarr:
  enabled: true
  container: 
    image: docker.io/linuxserver/prowlarr
    tag: develop
    nodeSelector: {}
    port: 9696
  service:
    type: ClusterIP
    port: 9696
    nodePort: 
    extraLBService: false
  ingress:
    enabled: false
    annotations: {}
    path: /prowlarr
    tls:
      enabled: false
      secretName: ""
  resources: {}
  volume: {}
    # name: pvc-prowlarr-config
    # storageClassName: longhorn
    # storage: 5Gi
    # accessModes: ReadWriteOnce
  #  annotations: {}
  #  labels: {}
  #  selector: {}

plex:
  enabled: false
  claim: "CHANGEME"
  replicaCount: 1
  container:
    image: docker.io/linuxserver/plex
    nodeSelector: {}
    port: 32400
  service:
    type: ClusterIP
    port: 32400
    nodePort:
    # Defines an additional LB service, requires cloud provider service or MetalLB
    extraLBService: false
  ingress:
    enabled: false
    annotations: {}
    tls:
      enabled: false
      secretName: ""
  resources:
    limits:
      cpu: 100m
      memory: 100Mi
    requests:
      cpu: 100m
      memory: 100Mi
  volume:
    name: pvc-plex-config
    storageClassName: longhorn
    storage: 50Gi
    accessModes: ReadWriteOnce
  # #  annotations: {}
  # #  labels: {}
  # #  selector: {}


jackett:
  enabled: false
  container:
    image: docker.io/linuxserver/jackett
    nodeSelector: {}
    port: 9117
  service:
    type: ClusterIP
    port: 9117
    nodePort:
    extraLBService: false
    # Defines an additional LB service, requires cloud provider service or MetalLB
  ingress:
    enabled: false
    annotations: {}
    path: /jackett
    tls:
      enabled: false
      secretName: ""
  resources: {}
  volume: {}
  #  name: pvc-jackett-config
  #  storageClassName: longhorn
  #  annotations: {}
  #  labels: {}
  #  accessModes: ReadWriteOnce
  #  storage: 5Gi
  #  selector: {}

sabnzbd:
  enabled: false
  container:
    image: docker.io/linuxserver/sabnzbd
    nodeSelector: {}
    port:
      http: 8080
      https: 9090
  service:
    http:
      type: ClusterIP
      port: 8080
      nodePort:
      # Defines an additional LB service, requires cloud provider service or MetalLB
      extraLBService: false
    https:
      type: ClusterIP
      port: 9090
      nodePort:
      # Defines an additional LB service, requires cloud provider service or MetalLB
      extraLBService: false
  ingress:
    enabled: true
    annotations: {}
    path: /sabnzbd
    tls:
      enabled: false
      secretName: ""
  resources: {}
  volume: {}
  #  name: pvc-plex-config
  #  storageClassName: longhorn
  #  annotations: {}
  #  labels: {}
  #  accessModes: ReadWriteOnce
  #  storage: 5Gi
  #  selector: {}

from k8s-mediaserver-operator.

kubealex commented on May 22, 2024

thank you for the details, my question is, does longhorn require setting fsGroup or similar to work? I've seen this
longhorn/longhorn#1713 that shows something similar to what you are facing.

All containers run as non-privileged users (default 1000).

from k8s-mediaserver-operator.

emze9 commented on May 22, 2024

Hi,
did you manage to resolve this issue ? I've almost the same values file and got the same error.

from k8s-mediaserver-operator.

[BR] Folder is not writable by user abc on K3s using longhorn about k8s-mediaserver-operator HOT 5 OPEN

Comments (5)

Related Issues (20)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent