[kubernetes deployment] Container root access on config and log directories #851

Open
Dev0Pos opened this issue Jul 8, 2024 · 1 comment

Comments


Dev0Pos commented Jul 8, 2024

Hello,

I am trying to deploy a new operator (verticadb-operator/version: 2.1.3) with a new version of Vertica (verticadb 24.2.0) using PVC and PV.

Unfortunately, during the container startup, I receive a message from the log:

```
2024/07/06 22:50:21 New NodeManagementAgent starting
2024-07-06T20:50:21.029551313Z 2024/07/06 22:50:21 Checking for existence of directory /opt/vertica/log
2024-07-06T20:50:21.029554897Z 2024/07/06 22:50:21 Moving working directory to /opt/vertica/log
2024-07-06T20:50:21.029562377Z 2024/07/06 22:50:21 Successfully opened file /proc/1/fd/1. Setting log output to that file.
2024-07-06T20:50:21.029566634Z 2024/07/06 22:50:21 New log for process 1
2024-07-06T20:50:21.029569786Z 2024/07/06 22:50:21 Called with args [/opt/vertica/bin/node_management_agent]
2024-07-06T20:50:21.029572910Z 2024/07/06 22:50:21 Hostname [MASKED] User id 5000
2024-07-06T20:50:21.029576326Z 2024/07/06 22:50:21 Verbose logging is off
2024-07-06T20:50:21.029579186Z 2024/07/06 22:50:21 Checking for existence of directory /opt/vertica/config
2024-07-06T20:50:21.029585343Z 2024/07/06 22:50:21 Creating pid file named /opt/vertica/config/node_management_agent.pid
2024-07-06T20:50:21.029629831Z 2024/07/06 22:50:21 open /opt/vertica/config/node_management_agent.pid: permission denied
```

The permissions directly in the container look like this:

```
bash-5.1$ ls -ltr /opt/vertica/
total 3640
-rw-rw-r--  1 998  996  3709506 Jun  7 16:21 LICENSES
drwxrwxr-x  4 998  996       36 Jul  5 12:17 oss
drwxr-xr-x 20 998  996      322 Jul  5 12:17 packages
drwxrwxr-x  8 998  996       80 Jul  5 12:17 spread
drwxrwxr-x  5 998  996       91 Jul  5 12:17 sdk
drwxrwxr-x  2 998  996     4096 Jul  5 12:17 scripts
drwxr-xr-x  3 998  996      101 Jul  5 12:17 java
drwxr-xr-x  2 998  996       45 Jul  5 12:17 include
drwxr-xr-x  2 998  996       57 Jul  5 12:17 en-US
drwxr-xr-x 10 998  996      147 Jul  5 12:17 share
drwxr-xr-x  2 998  996     4096 Jul  5 12:17 sbin
drwxr-xr-x  2 998  996     4096 Jul  5 12:17 bin
drwxr-xr-x  3 998  996     4096 Jul  5 12:18 lib
drwxr-xr-x  2 root root       6 Jul  6 22:48 config
drwxr-xr-x  2 root root       6 Jul  6 22:48 log
```

I understand that the log and config directories are created at runtime.

In the past, this was resolved with a dedicated entrypoint:
https://github.com/vertica/vertica-kubernetes/pull/53/files
Later, this script could be used as a cron s6-rc in a newer version, but now, can it be used differently?

Is there another way to override these permissions and properly start the container?

Collaborator

qindotguan commented Sep 4, 2024

What is your PV/PVC provisioner? Can you check that the PVC has the correct permissions?

Take local-path-provisioner for example:
Get the paths from the configmap:
$ k describe cm local-path-config -n local-path-storage | grep paths
"paths":["/data/local-path-provisioner"]

Make sure the PVC directory's permission is 777:
$ ls -lsht /data/ | grep local-path-provisioner
4.0K drwxr-xr-x 36 root root 4.0K Sep 4 05:07 local-path-provisioner

$ ls -lsht /data/local-path-provisioner/ | grep pvc-4ad0125c-4674-411b-85cb-640f3439367b
4.0K drwxrwxrwx 3 root root 4.0K Sep 4 04:49 pvc-4ad0125c-4674-411b-85cb-640f3439367b_vertica_local-data-vertica-s3-sc1-0
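
An added example, not part of either comment and not code from the vertica-kubernetes project: a small shell check that applies the POSIX owner/group/other rule to `ls -l` lines like the ones in this thread, showing why uid 5000 is denied on `config` and what a mode of 777 grants. The function names `id_of` and `check_line`, the process gid of 5000, and the third (group-owned, mode 770) listing line are assumptions constructed for illustration; ACLs, capabilities and uid 0 are not modelled.

```shell
#!/bin/sh
# Classify whether a process can create files in a directory, from one
# `ls -l` line, using the classic owner/group/other permission classes.

# id_of NAME -> numeric id; only "root" needs mapping for these listings.
id_of() { if [ "$1" = root ]; then echo 0; else echo "$1"; fi; }

# check_line "LS_LINE" UID "GID [GID...]"
# Prints: <name> <class> <writable|denied> [world-writable]
check_line() (
  line=$1 uid=$2 gids=$3
  set -f                          # no globbing while splitting the line
  set -- $line
  case $1 in [-dlbcps]*) ;; *) shift ;; esac   # drop the `ls -s` size column
  mode=$1 owner=$(id_of "$3") group=$(id_of "$4")
  for name in "$@"; do :; done    # last field is the entry name
  class=other start=8
  for g in $gids; do
    if [ "$g" = "$group" ]; then class=group start=5; fi
  done
  # The owner class takes precedence over group and other.
  if [ "$uid" = "$owner" ]; then class=owner start=2; fi
  bits=$(printf %s "$mode" | cut -c"$start"-"$((start + 2))")
  # Creating a file in a directory needs write AND search (x) on it.
  case $bits in ?w[xst]) verdict=writable ;; *) verdict=denied ;; esac
  # Character 9 of the mode string is the write bit for "other".
  case $mode in ????????w*) verdict="$verdict world-writable" ;; esac
  echo "$name $class $verdict"
)

# Line from the issue: config is root:root 755, process runs as uid 5000.
check_line 'drwxr-xr-x 2 root root 6 Jul 6 22:48 config' 5000 5000
# Line from the reply: PVC directory is root:root 777.
check_line '4.0K drwxrwxrwx 3 root root 4.0K Sep 4 04:49 pvc-4ad0125c-4674-411b-85cb-640f3439367b_vertica_local-data-vertica-s3-sc1-0' 5000 5000
# Constructed line: same directory owned by group 5000 with mode 770.
check_line 'drwxrwx--- 2 root 5000 6 Jul 6 22:48 config' 5000 5000
```

The `world-writable` suffix marks directories where every local uid, not only the container's, can create or replace files.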
