How do I set up Kubernetes CIFS Persistent Volume (PV) permissions for a Bitnami Postgres Helm deployment?
I have a Kubernetes cluster on which I am trying to deploy different Helm charts. When charts have no persistence, everything works great. When the Helm charts use persistent volumes, I always run into permission issues. I am using a Windows file share (CIFS) with a persistent volume I created, and I'm using the Secrets Store CSI Driver.
Here is my persistent volume and claim YAML. I have a secret (cifs-secret) with my username and password. For now I'm not using a storage class, just a manually created PV/PVC.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: myvolume
  labels:
    app: myapp
spec:
  storageClassName: ""
  capacity:
    storage: 100Gi
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain
  mountOptions:
    # Mode and ownership that the mounted share presents inside the pod
    - dir_mode=0777
    - file_mode=0777
    - uid=0998
    - gid=0996
    - mfsymlinks
    - nobrl
    - cache=none
    - domain=mydomain
  csi:
    driver: smb.csi.k8s.io
    readOnly: false
    volumeHandle: helmdata
    volumeAttributes:
      source: "//192.168.1.189/helm"
    # Secret holding the share's username and password
    nodeStageSecretRef:
      name: cifs-secret
      namespace: helm
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: myclaim
  namespace: mynamespace
  labels:
    app: myapp
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 10Gi
  # Must equal the PersistentVolume's metadata.name for the claim to bind
  volumeName: cifs-helmtest-pv
This was failing for me until I figured out which user needed access to the volume. I'm using an IronBank Grafana image, so I ran the image locally in Docker and shelled into it. From the command line I typed more /etc/passwd, and at the end of the output it listed the uid:0998 and gid:0996. So I updated the volume YAML and added - uid=0998 and - gid=0996 to the mount options.
Once this was in place I was able to successfully install the Bitnami Helm chart. I did have to update the configmap.yaml in the templates directory to match the IronBank paths; these differ slightly from the Bitnami paths.
I have tried this same logic with the Bitnami PostgreSQL Helm chart and I can't seem to get it working. When I shell into the container and run more /etc/passwd, it is using uid:65543 and gid:65543 (nobody account). I created a volume with these uid/gids and I constantly get permission errors or "incorrect permissions on directory". Sometimes it will create the data folder in the volume mount location, but it's always empty.
The user account that created the Windows share is the username and password I used in the cifs-secret.
Any help would be appreciated.
Solution 1:[1]
I found a solution to this by using the IronBank Postgres image with the Bitnami Helm chart. I updated the UID and GID to 26 and set the volume information as follows...
Also, switching the data directory from the Bitnami default to /var/lib/postgresql/data is important to get the IronBank image to line up with the Bitnami chart.
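The check below is an added example, not part of the original question or answer: it compares a PV's CIFS mountOptions with the UID/GID the container runs as and with the 0700/0750 data-directory modes PostgreSQL 11+ accepts, and flags world-writable modes such as 0777. The passwd entry, the user name postgres and the tightened option list are constructed assumptions; UID/GID 26 and the 0777 options come from the page.

```python
# Added example: validate a PV's CIFS mountOptions against the container user.
PG_DIR_MODES = {0o700, 0o750}  # data-directory modes PostgreSQL 11+ accepts

# Constructed sample data: the passwd entry is an assumption; 26 is from the answer.
SAMPLE_PASSWD = "root:x:0:0:root:/root:/bin/bash\npostgres:x:26:26::/var/lib/pgsql:/bin/bash\n"
QUESTION_OPTIONS = ["dir_mode=0777", "file_mode=0777", "uid=0998", "gid=0996",
                    "mfsymlinks", "nobrl", "cache=none", "domain=mydomain"]
TIGHTENED_OPTIONS = ["dir_mode=0700", "file_mode=0600", "uid=26", "gid=26", "nobrl"]


def passwd_ids(passwd_text, user):
    """Return (uid, gid) for `user` from the contents of /etc/passwd."""
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 4 and fields[0] == user:
            return int(fields[2]), int(fields[3])
    raise KeyError(user)


def parse_options(mount_options):
    """Turn ['uid=26', 'nobrl'] into {'uid': '26', 'nobrl': None}."""
    opts = {}
    for item in mount_options:
        key, sep, value = item.partition("=")
        opts[key] = value if sep else None
    return opts


def check(mount_options, uid, gid):
    """Return a list of findings; an empty list means the options fit."""
    opts = parse_options(mount_options)
    findings = []
    for key, want in (("uid", uid), ("gid", gid)):
        have = opts.get(key)
        if have is None or int(have, 10) != want:
            findings.append(f"{key}={have} does not match container {key} {want}")
    raw = opts.get("dir_mode")
    if raw is None or int(raw, 8) not in PG_DIR_MODES:
        findings.append(f"dir_mode={raw}: PostgreSQL needs 0700 or 0750 on its data directory")
    for key in ("dir_mode", "file_mode"):
        raw = opts.get(key)
        if raw is not None and int(raw, 8) & 0o002:  # "other" write bit set
            findings.append(f"{key}={raw} is world-writable")
    return findings


if __name__ == "__main__":
    uid, gid = passwd_ids(SAMPLE_PASSWD, "postgres")
    for finding in check(QUESTION_OPTIONS, uid, gid):
        print("FINDING:", finding)
```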
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 | pforsthoff |