
I'm running a MongoDB instance as a Kubernetes pod in a single-node cluster (bare-metal Ubuntu machine). The volume is configured ReadWriteOnce as the MongoDB pod is accessed only by pods in one node.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: mongo
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mongo
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: mongo
    spec:
      hostname: mongo
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: data
        - name: restore
          persistentVolumeClaim:
            claimName: restore
      containers:
        - name: mongo
          image: mongo:4.4.14
          args: ["--auth"]
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 27017
          volumeMounts:
            - mountPath: /data/db
              name: data
            - mountPath: /restore
              name: restore
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: data
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi

But from time to time I cannot run commands like inserting documents into a non-existing collection or running mongodump. Then I get the error MongoServerError: 1: Operation not permitted. This is caused by a chown problem: ls -ld /data/db/ returns

drwxr-sr-x 4 nobody 4294967294 16384 Jun 28 18:19 /data/db/

I can fix the problem by running

chown mongodb:mongodb /data/db

But after some time it changes again, so the same problem happens again and I have to rerun chown mongodb:mongodb /data/db.

user3142695

1 Answer


You need to add a securityContext for your volume, something like the following. securityContext has more options, so you can adjust permissions according to your needs.

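spec:
  securityContext:
    runAsUser: 1000   # UID the container processes run as
    fsGroup: 1000     # GID applied to the mounted volume's files (was listed twice; YAML keys must be unique)
  volumes:
    # volumes is a list, so each entry starts with "-"
    - name: data
      persistentVolumeClaim:
        claimName: data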
xs2rashid
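Where the answer's fragment goes in the question's Deployment, as an added example that is not part of the original answer: the pod-level securityContext sits under spec.template.spec. The UID/GID 999 is an assumption about the mongodb account in the image, and runAsGroup and fsGroupChangePolicy are additions beyond the fields the answer shows.

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mongo
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mongo
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: mongo
    spec:
      hostname: mongo
      # Pod-level securityContext: applies to every container and volume in the pod.
      securityContext:
        # ASSUMPTION: 999 is the mongodb UID/GID in this image; confirm with `id mongodb`.
        runAsUser: 999
        runAsGroup: 999
        # Volumes that support ownership management are made group-owned by this GID at mount.
        fsGroup: 999
        # Only re-own recursively when the volume root does not already match.
        fsGroupChangePolicy: OnRootMismatch
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: data
        - name: restore
          persistentVolumeClaim:
            claimName: restore
      containers:
        - name: mongo
          image: mongo:4.4.14
          args: ["--auth"]
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 27017
          volumeMounts:
            - mountPath: /data/db
              name: data
            - mountPath: /restore
              name: restore
```

fsGroup is applied only by volume types that support ownership management, so run ls -ldn /data/db inside the pod after a restart to confirm the numeric owner and group match the account mongod runs as.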