PVCs permission issues on the data folder with new Platform Operator
Problem
When using Persistent Volume Claims (PVCs) with the new HiveMQ Platform Operator for Kubernetes, the data mount is not created and HiveMQ fails with permission errors on the data folder:
2024-07-04 11:55:42,915 INFO - 2024-07-04 11:55:42,915 WARN - HiveMQ data directory (/opt/hivemq/data) is not writable. Please make sure that the directory has the correct write permission.
2024-07-04 11:55:42,919 INFO - 2024-07-04 11:55:42,918 ERROR - Could not open data lock file.
2024-07-04 11:55:42,919 INFO - java.nio.file.AccessDeniedException: /opt/hivemq/data/data.lock
2024-07-04 11:55:42,919 INFO - at java.base/sun.nio.fs.UnixException.translateToIOException(Unknown Source)
2024-07-04 11:55:42,919 INFO - at java.base/sun.nio.fs.UnixException.rethrowAsIOException(Unknown Source)
2024-07-04 11:55:42,919 INFO - at java.base/sun.nio.fs.UnixException.rethrowAsIOException(Unknown Source)
2024-07-04 11:55:42,919 INFO - at java.base/sun.nio.fs.UnixFileSystemProvider.newFileChannel(Unknown Source)
2024-07-04 11:55:42,919 INFO - at java.base/java.nio.channels.FileChannel.open(Unknown Source)
2024-07-04 11:55:42,920 INFO - at java.base/java.nio.channels.FileChannel.open(Unknown Source)
2024-07-04 11:55:42,920 INFO - at com.hivemq.HiveMQServer$a.a(Source.java:446)
2024-07-04 11:55:42,920 INFO - at com.hivemq.HiveMQServer.a(Source.java:144)
2024-07-04 11:55:42,920 INFO - at com.hivemq.HiveMQServer.d(Source.java:304)
2024-07-04 11:55:42,920 INFO - at com.hivemq.HiveMQServer.main(Source.java:103)
Solution
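Updating the podSecurityContext in the values.yaml file with the appropriate user, group, and fsGroup settings resolved the permission issues, and the data mount was created correctly. This configuration ensures that the PVC is mounted with the correct user permissions, preventing access errors. With fsGroup set, Kubernetes changes the group ownership of the volume to that GID when it is mounted; OnRootMismatch limits that change to volumes whose root directory does not already match.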
podSecurityContext:
  enabled: true
  runAsNonRoot: true
  runAsUser: 10000
  runAsGroup: 0
  fsGroup: 10000
  fsGroupChangePolicy: "OnRootMismatch"
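To confirm the setting took effect, the check below (an added example, not part of the original article or HiveMQ's tooling) applies the Unix owner, group, other rule to the data directory and reports which class the HiveMQ process falls into. The function names can_write and check_data_dir are hypothetical; it assumes a stat that supports -c (GNU or BusyBox) inside the container.

```shell
#!/bin/sh
# Added diagnostic (not from the HiveMQ article). Meant to be run inside the container.

# can_write UID "GIDS" DIR_UID DIR_GID DIR_MODE   (mode as printed by stat %a)
# Applies the Unix owner -> group -> other rule and prints which class matched.
# Returns 0 when that class has write+search (w and x) on the directory.
can_write() {
    uid=$1 gids=$2 d_uid=$3 d_gid=$4
    mode=$(printf '%04d' "$5")      # pad e.g. 755 -> 0755, keep 2775
    perms=${mode#?}                 # drop the setuid/setgid/sticky digit
    if [ "$uid" -eq 0 ]; then
        echo "root: mode bits bypassed"; return 0
    elif [ "$uid" -eq "$d_uid" ]; then
        class=owner; digit=${perms%??}
    else
        class=other; digit=${perms#??}
        for g in $gids; do
            if [ "$g" -eq "$d_gid" ]; then
                class=group; digit=${perms#?}; digit=${digit%?}
            fi
        done
    fi
    case $digit in
        3|7) echo "$class: writable (mode $mode)"; return 0 ;;
        *)   echo "$class: NOT writable (mode $mode)"; return 1 ;;
    esac
}

# check_data_dir [DIR]: feed the live process identity and directory metadata
# into can_write. Default path is the data directory named in the log above.
check_data_dir() {
    dir=${1:-/opt/hivemq/data}
    [ -d "$dir" ] || { echo "missing: $dir"; return 2; }
    echo "process: uid=$(id -u) groups=$(id -G)"   # fsGroup shows up in the group list
    # stat -c is the GNU/BusyBox form: numeric owner, group, octal mode
    can_write "$(id -u)" "$(id -G)" $(stat -c '%u %g %a' "$dir")
}
```

Run check_data_dir in the HiveMQ container after the pod restarts; a "group: writable" result with 10000 in the process group list indicates the fsGroup ownership change was applied to the volume.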