Hi,
I have k8s cephfs-provisioner.yaml and storageclass.yaml:
---
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: cephfs
namespace: cephfs
provisioner: ceph.com/cephfs
parameters:
monitors: 10.32.121.51:6789,10.32.121.52:6789,10.32.121.53:6789
adminId: admin
adminSecretName: ceph-admin-secret
adminSecretNamespace: cephfs
claimRoot: /pvc-volumes
reclaimPolicy: Retain
allowVolumeExpansion: true
# ceph version
ceph version 15.2.5
I'm trying to create snapshots:
/source # cd .snap
/source/.snap # mkdir snapshot01
mkdir: can't create directory 'snapshot01': Permission denied
/source/.snap #
# ceph auth ls shows client permissions:
client.kubernetes-dynamic-user-a89595fe-2a80-11eb-8b50-1ec01fe0b788
key: AQAjl7Zf9mFbMxAAcGiyth980XbD1rtcBokqAw==
caps: [mds] allow r,allow rw
path=/pvc-volumes/kubernetes/kubernetes-dynamic-pvc-a89595cc-2a80-11eb-8b50-1ec01fe0b788
caps: [mon] allow r
caps: [osd] allow rw pool=cephfs.cephfsvol1.data
namespace=fsvolumens_kubernetes-dynamic-pvc-a89595cc-2a80-11eb-8b50-1ec01fe0b788
If I understood correctly that above permission is lacking 's' flag.
How can I enable that permission when client is dynamic as above? Is
there a way to get around this problem, e.g. how can I define client
setup so that it wouldn't be dynamic and I could give required
permissions to that? I'm trying to have a backup Pod to generate
snapshots and copy those to nfs mount.
Br, Jouni
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx
