From 1b1d2ba1e7bf9f5519530cc9fde54d91fa7ea8c8 Mon Sep 17 00:00:00 2001
From: Angel Misevski
Date: Thu, 24 Jan 2019 16:51:13 -0500
Subject: [PATCH] Enable precreate subpaths property by default in templates

The property CHE_INFRA_KUBERNETES_PVC_PRECREATE__SUBPATHS is required for PVC cleanup on current versions of Kubernetes/OpenShift. Without the property enabled, subpaths are created in PVCs by Kubernetes when they are needed for pods. However, only the leaf directory created in this way has write permissions for nonroot users. As a result, the cleanup pod cannot delete directories created (e.g. the workspaceX/projects) directory. For more details, see https://github.com/eclipse/che/issues/12445

Signed-off-by: Angel Misevski
---
 deploy/kubernetes/helm/che/templates/configmap.yaml | 2 +-
 deploy/openshift/templates/che-server-template.yaml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/deploy/kubernetes/helm/che/templates/configmap.yaml b/deploy/kubernetes/helm/che/templates/configmap.yaml
index cc144ae0c3c..a2ff4147469 100644
--- a/deploy/kubernetes/helm/che/templates/configmap.yaml
+++ b/deploy/kubernetes/helm/che/templates/configmap.yaml
@@ -53,7 +53,7 @@ data:
 CHE_INFRA_KUBERNETES_TRUST__CERTS: "false"
 CHE_INFRA_KUBERNETES_PVC_STRATEGY: "common"
 CHE_INFRA_KUBERNETES_PVC_QUANTITY: {{ .Values.global.pvcClaim }}
- CHE_INFRA_KUBERNETES_PVC_PRECREATE__SUBPATHS: "false"
+ CHE_INFRA_KUBERNETES_PVC_PRECREATE__SUBPATHS: "true"
 CHE_INFRA_KUBERNETES_POD_SECURITY__CONTEXT_RUN__AS__USER: "0"
 CHE_INFRA_KUBERNETES_POD_SECURITY__CONTEXT_FS__GROUP: "0"
 CHE_LOCAL_CONF_DIR: /etc/conf
diff --git a/deploy/openshift/templates/che-server-template.yaml b/deploy/openshift/templates/che-server-template.yaml
index ca71b9b3a8c..217cae23620 100644
--- a/deploy/openshift/templates/che-server-template.yaml
+++ b/deploy/openshift/templates/che-server-template.yaml
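Review bot: Nothing next to `CHE_INFRA_KUBERNETES_PVC_PRECREATE__SUBPATHS: "true"` in deploy/kubernetes/helm/che/templates/configmap.yaml records why the value must stay enabled; the rationale lives only in the commit message. The context lines directly below set the pod security context run-as-user and fsGroup to "0", so a later reader could conclude that the non-root permission problem does not apply to this chart and revert the default. A one-line comment above the entry would prevent that, for example `# Keep enabled: the PVC cleanup pod cannot delete subpath parents created by Kubernetes (eclipse/che issue 12445)`. The value is also hard-coded while the neighbouring `CHE_INFRA_KUBERNETES_PVC_QUANTITY` entry reads from `.Values`; sourcing it from a chart value whose default of true is declared in values.yaml would let operators override it without editing the template.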
@@ -300,7 +300,7 @@ parameters:
 - name: CHE_INFRA_KUBERNETES_PVC_PRECREATE__SUBPATHS
 displayName: Pre-create subpaths in PV
 description: Applied only if a common strategy is used. Required for Kubernetes versions before 1.6
- value: 'false'
+ value: 'true'
 - name: CHE_OAUTH_GITHUB_CLIENTID
 displayName: GitHub Client ID
 description: GitHub oAuth app client ID. Applicable to Che single user only!
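Review bot: The `description` context line for this parameter still reads "Required for Kubernetes versions before 1.6", which no longer matches the reason for turning the default on. The commit message says the property is needed for PVC cleanup on current Kubernetes/OpenShift versions, so anyone reading the template's parameter list is told the setting is legacy and may switch it back off. Suggest rewording to something like `description: Applied only if a common strategy is used. Needed so the PVC cleanup pod can delete workspace directories (see eclipse/che issue 12445)`. The `parameters:` list begins and continues outside the hunk.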