-
-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Docker container crashes inside Kubernetes - Permission denied #238
Comments
If it helps, we run verdaccio inside Kubernetes and the |
Do you think this should be enough to fix it?
|
Looks like this is already in the Dockerfile
I think the problem might be that we specify the volume after that command and after assuming the verdaccio user.
|
That's not the problem unfortunatelly. It won't help. Until the problem will be found, the following unsecure workaround can be used, add this to your deployment right before the verdaccio container spec: {
"initContainers": [
{
"name": "verdaccio-init",
"image": "busybox",
"imagePullPolicy": "IfNotPresent",
"command": [
"sh",
"-c",
"chmod 777 -R /verdaccio/storage"
],
"volumeMounts": [
{
"name": "verdaccio-storage",
"mountPath": "/verdaccio/storage"
}
]
}
]
} |
Can that can be tested in a local environment? |
I think you could use minikube to test it locally. Kubernetes mounts the volume just before the dockerfile's CMD command as root. Thats why we cannot write to the storage folder. |
Cool, thanks for that 👍 |
This is not a kubernetes specific problem unfortunately. If you run the following command the image is going to fail with EPERM, because docker is mounting the volumes as the host user or root. The issue is tracked here. |
@adrianchifor So to recap this, the fix for this problem is to set this on the PodSpec: "securityContext": {
"fsGroup": 101
} Where 101 is the verdaccio group id. Kubernetes is going to give permission for that group to write on the attached volume |
Shipped under |
@markpeterfejes @juanpicado cheers guys! |
I wonder if this fix on
|
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
Started happening since we upgraded to 2.2.2. Looks like
.sinopia-db.json
is created by root and is then accessed by verdaccio user (introduced in 2.2.2).The text was updated successfully, but these errors were encountered: