
I have written the pod YAML and PVC YAML below and created a dynamically provisioned pod with a storage class. But when the pod executes and calls the API to access/modify files in the PV, it gives a timeout exception. I expect files to be created with full permission. The PV directory is created with full permission. Please find the pod, PVC and nfs-client-deployment YAMLs below.

*pod.yaml*

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: dms
spec:
  replicas: 1
  selector:
    matchLabels:
      app: dms
  template:
    metadata:
      labels:
        app: dms
    spec:
      volumes:
        - name: dms-repo-storage
          persistentVolumeClaim:
            claimName: dms-repo
        - name: dms-log-storage
          persistentVolumeClaim:
            claimName: dms-log
      containers:
      - name: dms
        image: xxxx/xxx/dms:3
        env:
        - name: PORT
          value: "61024"
        - name: QUARKUS_LOG_FILE_PATH
          value: "/log/applicationPassive.log"
        - name: REPO_HOME_DIR
          value: "/document/repo"
        - name: REPO_TYPE
          value: "SEGMENT"
        ports:
        - containerPort: 61024
        volumeMounts:
        - mountPath: "/document/repo"
          name: dms-repo-storage
        - mountPath: "/log"
          name: dms-log-storage
---
apiVersion: v1
kind: Service
metadata:
  name: dms
  labels:
    app: dms
spec:
  ports:
  - port: 61024
    name: http
    targetPort: 61024
  selector:
    app: dms
  type: ClusterIP
```

*PVC.yaml*

```yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: dms-repo
spec:
  storageClassName: nfs-storage-app
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 20Gi
```

*nfs-client-deployment.yaml*

```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: nfs-client-provisioner-app
  namespace: msdev1
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: nfs-client-provisioner-runner-app
rules:
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "create", "delete"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["create", "update", "patch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: run-nfs-client-provisioner-app
subjects:
  - kind: ServiceAccount
    name: nfs-client-provisioner-app
    namespace: msdev1
roleRef:
  kind: ClusterRole
  name: nfs-client-provisioner-runner-app
  apiGroup: rbac.authorization.k8s.io
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: leader-locking-nfs-client-provisioner-app
  namespace: msdev1
rules:
  - apiGroups: [""]
    resources: ["endpoints"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: leader-locking-nfs-client-provisioner-app
  namespace: msdev1
subjects:
  - kind: ServiceAccount
    name: nfs-client-provisioner-app
    namespace: msdev1
roleRef:
  kind: Role
  name: leader-locking-nfs-client-provisioner-app
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: nfs-storage-app
provisioner: nfs-provisioner-app
parameters:
  archiveOnDelete: "true"
---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: nfs-client-provisioner-app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nfs-client-provisioner-app
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: nfs-client-provisioner-app
    spec:
      serviceAccountName: nfs-client-provisioner-app
      containers:
        - name: nfs-client-provisioner-app
          image: xxx/xxxx/nfs-client-provisioner:v3.1.0-k8s1.11
          volumeMounts:
            - name: nfs-client-root-app
              mountPath: /persistentvolumes
          env:
            - name: PROVISIONER_NAME
              value: nfs-provisioner-app
            - name: NFS_SERVER
              value: "serveripaddress"
            - name: NFS_PATH
              value: /nfs_srims
      volumes:
        - name: nfs-client-root-app
          nfs:
            server: "serveripaddress"
            path: /nfs_srims
```

Files are created with the permissions below.

```
-rw-r--r--. 1 root root    178688 Jul 16 19:29 data00104a.tar
-rw-r--r--. 1 root root    160768 Jul 16 19:45 data00105a.tar
```

This should be changed to full permission, as below, for the pod API calls to work successfully.

```
-rwxrwxrwx. 1 root root    178688 Jul 16 19:29 data00104a.tar
-rwxrwxrwx. 1 root root    160768 Jul 16 19:45 data00105a.tar
```

Prabath
  • https://github.com/kubernetes/examples/issues/260 – gohm'c Jul 17 '22 at 09:37
  • Sorry @gohm'c, I went through it, but I couldn't work out which solution I should apply. I'd appreciate it if you could share the correct answer. – Prabath Jul 18 '22 at 03:50
  • @Prabath: Use this [GitHub link](https://github.com/kubernetes/examples/issues/260#issue-347296829) issue, which is the suitable solution for full permission to access/modify the files. – Hemanth Kumar Aug 08 '22 at 11:56
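
The two listings in the question differ only in their mode bits. The following added example (not part of the original post or its comments) shows how the creating process's umask produces `-rw-r--r--` and which callers each mode lets write, including a group-writable mode with a shared GID as a narrower alternative to `-rwxrwxrwx`. The UIDs and GIDs 1000, 2000 and 3000 are assumed sample values, not taken from the cluster in the question.

```python
import os
import stat
import tempfile


def created_mode(umask, requested=0o666):
    """Create a real file under `umask` and return its permission bits."""
    old = os.umask(umask)
    try:
        with tempfile.TemporaryDirectory() as d:
            path = os.path.join(d, "data.tar")  # constructed sample file name
            fd = os.open(path, os.O_CREAT | os.O_WRONLY, requested)
            os.close(fd)
            return stat.S_IMODE(os.stat(path).st_mode)
    finally:
        os.umask(old)


def can_write(mode, owner_uid, owner_gid, uid, gids):
    """POSIX class check: exactly one of owner / group / other applies.

    The local root override is deliberately not modelled: an NFS export
    with root_squash maps client root to an unprivileged anonymous user.
    """
    if uid == owner_uid:
        return bool(mode & stat.S_IWUSR)
    if owner_gid in gids:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)


def listing(mode):
    """Render permission bits the way `ls -l` does for a regular file."""
    return stat.filemode(stat.S_IFREG | mode)


if __name__ == "__main__":
    for um in (0o022, 0o002):
        print(f"umask {um:03o} -> {listing(created_mode(um))}")
    # Assumed sample identities: app runs as UID 1000 with supplemental GID 2000.
    cases = [
        ("0644 root:root, app uid 1000", 0o644, 0, 0, 1000, {1000}),
        ("0664 root:2000, app in gid 2000", 0o664, 0, 2000, 1000, {2000}),
        ("0664 root:2000, unrelated uid 3000", 0o664, 0, 2000, 3000, {3000}),
        ("0777 root:root, unrelated uid 3000", 0o777, 0, 0, 3000, {3000}),
    ]
    for label, mode, ouid, ogid, uid, gids in cases:
        print(f"{label}: write={can_write(mode, ouid, ogid, uid, gids)}")
```
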

0 Answers