Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

\uD83E\uDD14 Problem

When using Persistent Volume Claims (PVCs) with the new HiveMQ Platform Operator for Kubernetes, the data mount is not created and fails due to permission issues on the data folder.

Code Block
2024-07-04 11:55:42,915 INFO  - 2024-07-04 11:55:42,915 WARN  - HiveMQ data directory (/opt/hivemq/data) is not writable. Please make sure that the directory has the correct write permission.
2024-07-04 11:55:42,919 INFO  - 2024-07-04 11:55:42,918 ERROR - Could not open data lock file.
2024-07-04 11:55:42,919 INFO  - java.nio.file.AccessDeniedException: /opt/hivemq/data/data.lock
2024-07-04 11:55:42,919 INFO  - 	at java.base/sun.nio.fs.UnixException.translateToIOException(Unknown Source)
2024-07-04 11:55:42,919 INFO  - 	at java.base/sun.nio.fs.UnixException.rethrowAsIOException(Unknown Source)
2024-07-04 11:55:42,919 INFO  - 	at java.base/sun.nio.fs.UnixException.rethrowAsIOException(Unknown Source)
2024-07-04 11:55:42,919 INFO  - 	at java.base/sun.nio.fs.UnixFileSystemProvider.newFileChannel(Unknown Source)
2024-07-04 11:55:42,919 INFO  - 	at java.base/java.nio.channels.FileChannel.open(Unknown Source)
2024-07-04 11:55:42,920 INFO  - 	at java.base/java.nio.channels.FileChannel.open(Unknown Source)
2024-07-04 11:55:42,920 INFO  - 	at com.hivemq.HiveMQServer$a.a(Source.java:446)
2024-07-04 11:55:42,920 INFO  - 	at com.hivemq.HiveMQServer.a(Source.java:144)
2024-07-04 11:55:42,920 INFO  - 	at com.hivemq.HiveMQServer.d(Source.java:304)
2024-07-04 11:55:42,920 INFO  - 	at com.hivemq.HiveMQServer.main(Source.java:103)

\uD83C\uDF31 Solution

By updating the podSecurityContext in values.yaml file with the appropriate user, group, and fsGroup settings, we successfully resolved the permission issues and ensured that the data mount was created correctly. This configuration ensures that the PVC is mounted with the correct user permissions, preventing access errors.

Code Block
  podSecurityContext:
    enabled: true
    runAsNonRoot: true
    runAsUser: 10000
    runAsGroup: 0
    fsGroup: 10000
    fsGroupChangePolicy: "OnRootMismatch"

Filter by label (Content by label)
showLabelsfalse
max5
spacescom.atlassian.confluence.content.render.xhtml.model.resource.identifiers.SpaceResourceIdentifier@957
sortmodified
showSpacefalse
reversetrue
typepage
labelskb-troubleshooting-article
cqllabel = "kb-troubleshooting-article" and type = "page" and space = "KB"