Postgre - ApplyFSGroup Failed for volume : Permission Denied

Hi there,

We are deploying Postgre (Crunchy) using the PureFB provisioned by Portworx. We are running on Openshift 4.10.22 and Portworx 2.11.1

The new deployment went well and everything works as expected. However when we terminated/restarted the running pod, the new pod is stuck at “Container Creating”. The event logs shows this message;

MountVolume.SetUp failed for volume “pvc-” : applyFSGroup failed for vol : open /var/lib/kubelet/pods//volumes/kubernetes.io~csi/pvc-/mount/pg14: permission denied

Anyone encountered the same issue ?

I see similar issue with AWS EFS CSI driver,

and the workaround is to set uid and gid. however I couldn’t find those params on Portworx.

Appreciate any input.

Thanks,
Ian

Can you share the StorageClass for provisioning the volume ?

Hi Sanjay,

We got it solved, thanks.

Thanks,
Ian

Glad that it was resolved, if you can share how it was resolved would be good for other if anyone hit the same issue or just confirmed if you applied the same storageclass shared below.

We are also updating the document to change the StorageClass to:

kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: portworx-pso-fb-v4
provisioner: pxd.portworx.com
parameters:
  backend: "pure_file"
  pure_export_rules: "*(rw,no_root_squash)"
mountOptions:
  - nfsvers=3
  - tcp
allowVolumeExpansion: true

Hi Sanjay,

Yes you are right, we added the “no_root_squash”.
After we upgraded to a newer version, somehow we noticed that the folder was always owned by the “nobody” group. By adding the “no_root_squash” option, the folder is now allowed to be owned by “root”.

Thanks,
Ian

1 Like