AzureFile not working with non-root user, unable to upgrade to fixed version of K8S

[duizendnegen]

In the 1.8.x branch until 1.8.5, volumes are mounted as 0x700. Amongst others, Jenkins creates a jenkins-user which accesses the volume, leading to a permission denied error.

1.7.9 can be used as a workaround, but I can't downgrade my 1.8.2 cluster to this. 1.8.5 also fixes this, but this is not available on AKS yet.

See kubernetes/kubernetes#54674 for the fix.

[rtyler]

The solution I had when experimenting with the AzureFile Storage Class for AKS was to use runAsUser: 0 in the pod spec.

That said, I did a significant amount of testing between AzureFile and AzureDisk storage for Jenkins specifically, and I strongly recommend against using AzureFile for Jenkins.

[andyzhangx]

@duizendnegen what's your wanted mountOptions? There are some back and forth discussion about this value, and in current master branch, it would be set as 0755 by default. If you want to set as other value, you could follow this guide to use self defined mountOptions(available from v1.8.5)
@rtyler very good practice!

[duizendnegen]

0x755 absolutely is my wanted mountOptions @andyzhangx . The unfortunate thing is that v1.8.5 is not available on AKS yet.

Thanks for the pointers @rtyler - I've played also with AzureDisk, but couldn't get the volume mounted at all there. Will follow up on that separately if I get stuck with it again.

I'll report back with my chosen path forward.

[duizendnegen]

Just pinging back, runAsUser: 0 is a great workaround for this. Thank you.

I'm closing this ticket, but I'm keeping my fingers crossed for getting 1.8.5 on AKS soon.

[andyzhangx]

@duizendnegen Hi, did you get any issue when using AzureDisk? I could provide help. Basically you could follow this guide:
https://github.com/andyzhangx/Demo/tree/master/linux/azuredisk