containers, azure-aks, ignition

Cannot mount volume in Ignition | Permission issue | Ignition migration


I'm running Ignition version 8.1.42 in AKS, which shows the following issue. Version 8.1.25 is running perfectly fine.

I found out that 8.1.25 runs as the root user, and after that update the container runs as a non-root user.

My deployment file looks like below. ref: https://forum.inductiveautomation.com/t/ignition-on-azure-kubernetes-service/68388

The issue is stated here: https://www.docs.inductiveautomation.com/docs/8.1/platform/docker-image

apiVersion: apps/v1
kind: Deployment
metadata:
  name: ignition-deployment
  namespace: ignition-poc
spec:
  selector:
    matchLabels:
      app: ignition-application
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: ignition-application
    spec:
      # initContainers:
      # - name: seed-volume
      #   image: inductiveautomation/ignition:8.1.42
      #   resources:
      #     limits:
      #       memory: "256Mi"
      #       cpu: "1000m"
      #   command:
      #   - export IGNITION_UID=0
      #   - export IGNITION_GID=0
      #   - sh
      #   - -c
      #   - >
      #     if [ ! -f /data/.ignition-seed-complete ]; then
      #       touch /data/.ignition-seed-complete ;
      #       cp -dpR /usr/local/bin/ignition/data/* /data/ ;
      #     fi
      #   volumeMounts:
      #   - mountPath: /data
      #     name: ignition-data
      containers:
      - name: ignition
        image: inductiveautomation/ignition:8.1.42
        resources:
          limits:
            memory: "2048Mi"
            cpu: "1000m"
        args:
        - -n
        - Ignition-k8s
        - -m
        - "2048"
        env:
        - name: ACCEPT_IGNITION_EULA
          value: "Y"
        - name: GATEWAY_ADMIN_USERNAME
          value: admin
        - name: GATEWAY_ADMIN_PASSWORD
          value: Test123
        - name: TZ
          value: "America/Chicago"
        - name: IGNITION_EDITION
          value: standard
        - name: IGNITION_UID
          value: "root"
        - name: IGNITION_GID
          value: "root"          
        ports:
        - name: ignition-http
          containerPort: 8088
        - name: ignition-https
          containerPort: 8043
        volumeMounts:
        - mountPath: /usr/local/bin/ignition/data
          name: ignition-data
        readinessProbe:
          exec:
            command:
            - health-check.sh
            - -t
            - "3"
          initialDelaySeconds: 60
          periodSeconds: 10
          failureThreshold: 10
          timeoutSeconds: 3
      volumes:
      - name: ignition-data
        persistentVolumeClaim:
         claimName: ignition-poc-pvc

I tried to change the user to root or chown the files, but I cannot do that without root privileges.

Thanks in advance.


Solution

  • The solution below works for me.

    Run the Ignition deployment with the config below:

      env:
        - name: IGNITION_UID
          value: "2003"
        - name: IGNITION_GID
          value: "2003"  
    
      securityContext:  
        runAsUser: 0
        runAsGroup: 0
    

    Let it complete the migration process; in my case it took 4-5 min. Check the logs for more details.

    Once the above step is completed, delete the existing deployment and the above-mentioned config, and try to deploy again.

    This will not show any permission issue; hence we have migrated to the newer version. The readiness probe will fail (try to change its permission).
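
Before removing `runAsUser: 0` as the answer describes, it helps to confirm that the ownership migration of the data volume really finished. The script below is an added example, not part of the original post or of Inductive Automation's tooling; the function names are hypothetical, and the data path and the 2003 IDs in its usage line are taken from the manifests above.

```shell
#!/bin/sh
# Added example: audit ownership of the Ignition data volume after the
# one-off root run. Function names are hypothetical; the path and the 2003
# IDs in the usage line come from the manifests on this page.
# Usage: sh audit.sh /usr/local/bin/ignition/data 2003 2003

# Print every entry under $1 not owned by user $2 or not in group $3.
list_foreign_owned() {
    find "$1" \( ! -user "$2" -o ! -group "$3" \) -print
}

# Count those entries. One dot per match keeps the count right even for
# file names containing newlines; a find error (e.g. an unreadable subtree)
# is reported as status 3 instead of a falsely low count.
count_foreign_owned() {
    marks=$(find "$1" \( ! -user "$2" -o ! -group "$3" \) -exec printf . \;) || return 3
    echo "${#marks}"
}

# Status: 0 = everything owned by uid:gid (root override can be removed),
# 1 = migration still pending, 2 = directory missing, 3 = scan failed.
audit_volume() {
    dir=$1 uid=$2 gid=$3
    [ -d "$dir" ] || { echo "missing directory: $dir" >&2; return 2; }
    n=$(count_foreign_owned "$dir" "$uid" "$gid") || {
        echo "scan of $dir failed; result is not trustworthy" >&2
        return 3
    }
    if [ "$n" -eq 0 ]; then
        echo "OK: all entries under $dir are owned by $uid:$gid"
        return 0
    fi
    echo "PENDING: $n entries under $dir are not owned by $uid:$gid, e.g.:"
    list_foreign_owned "$dir" "$uid" "$gid" | head -n 5
    return 1
}

# Run the audit only when arguments are given, so the file can be sourced.
[ "$#" -eq 0 ] || audit_volume "$@"
```

Inside the running pod this could be invoked through `kubectl exec`, which assumes the image ships `sh` and `find`. Exit status 0 is the signal that the root `securityContext` is no longer needed.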