deployment-repository.yml in Helm has no fs initContainer
kikinsama opened this issue · 2 comments
The lack of the (presumably named) init-fs initContainer, that supposedly should establish file permissions for the repository deployment, has the side effect of making said deployment unable to startup.
The user that runs Alfresco (33000) is not able to create the necessary files for the repository application to start. I was able to verify this by creating a hostPath PV and assigning 777 permissions on it, at which point the deployment was able to start.
Strangely enough, values.yml has properties for configuring the non-existing initContainer
Hi @kikinsama
That initContainer has been removed as we have moved to the "newer" fsGroup/RunAsGroup approach documented here.
The default behavior of the for kubernetes Pods' securityContext is to Always run the owner & mode operation on mount (similarly to what the old initContainers did) but you can also use the more clever fsGroupChangePolicy: OnRootMismatch as explained here.
MAke sure your pods/ pods template have the required security contexts
Admittedly, we indeed have some cleanup work to do in the values.yaml.