flexvolume | Simple wrapper library for quick FlexVolume prototypes | Wrapper library

Does the Oracle Cloud Kubernetes CSI implementation depend on the flex-volumes?

In other words, in order to use the OCI CSI (i.e. csi-oci-node driver and csi-oci-controller driver), do I need to deploy oci-block-volume-provisioner and oci-flexvolume-driver?

Ref: https://github.com/oracle/oci-cloud-controller-manager#setup-and-installation

I have an issue setting up persistant volumes for gitlab on my bare-metal kubernetes cluster:

Operation for "provision-gitlab/repo-data-gitlab-gitaly-0[3f758288-290c-4d9c-a084-5506f58a22d7]" failed. No retries permitted until 2020-11-28 11:55:56.533202624 +0000 UTC m=+305.008238514 (durationBeforeRetry 4s). Error: "failed to create volume: failed to create volume: see kube-controller-manager.log for details"

Problem is: this file doesn't exist anywhere, and I cannot get any more details about the problem, even by adapting the configuration:

Many of my workflows use pod iam roles. As documented here, I must include fsGroup in order for non-root containers to read the generated identity token. The problem with this is when I additionally include pvc’s that point to cifs pv’s, the volumes fail to mount because they time out. Seemingly this is because Kubelet tries to chown all of the files on the volume, which takes too much time and causes the timeout. Questions…

1. Why doesnt Kubernetes try to chown all of the files when hostPath is used instead of a pvc? All of the workflows were fine until I made the switch to use pvcs from hostPath, and now the timeout issue happens.
2. Why does this problem happen on cifs pvcs but not nfs pvcs? I have noticed that nfs pvcs continue to mount just fine and the fsGroup seemingly doesn’t take effect as I don’t see the group id change on any of the files. However, the cifs pvcs can no longer be mounted seemingly due to the timeout issue. If it matters, I am using the native nfs pv lego and this cifs flexVolume plugin that has worked great up until now.

Overall, the goal of this post is to better understand how Kubernetes determines when to chown all of the files on a volume when fsGroup is included in order to make a good design decision going forward. Thanks for any help you can provide!

Kubernetes Chowning Files References

https://docs.microsoft.com/en-us/azure/aks/troubleshooting

Since gid and uid are mounted as root or 0 by default. If gid or uid are set as non-root, for example 1000, Kubernetes will use chown to change all directories and files under that disk. This operation can be time consuming and may make mounting the disk very slow.

https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#configure-volume-permission-and-ownership-change-policy-for-pods

By default, Kubernetes recursively changes ownership and permissions for the contents of each volume to match the fsGroup specified in a Pod's securityContext when that volume is mounted. For large volumes, checking and changing ownership and permissions can take a lot of time, slowing Pod startup.

i've finished setting up my HA k8s cluster using kubeadm. Everything seems to be working fine, but after checking with the command kubectl get componentstatus I get:

I'm trying to use k8s secrets or having environment variables from my local environment to set the flexvol options values, is that possible?

I can see secrets mounted successfully but the flexvol is not able to be mount successfully. Appreciate if there is any different solution other than secrets if any.

The deployment.yaml

i am trying to deploy image which has some change to it environment variables, but when i do so i am getting below error

The Pod "envar-demo" is invalid: spec: Forbidden: pod updates may not change fields other than spec.containers[*].image, spec.initContainers[*].image, spec.activeDeadlineSeconds or spec.tolerations (only additions to existing tolerations) {"Volumes":[{"Name":"default-token-9dgzr","HostPath":null,"EmptyDir":null,"GCEPersistentDisk":null,"AWSElasticBlockStore":null,"GitRepo":null,"Secret":{"SecretName":"default-token-9dgzr","Items":null,"DefaultMode":420,"Optional":null},"NFS":null,"ISCSI":null,"Glusterfs":null,"PersistentVolumeClaim":null,"RBD":null,"Quobyte":null,"FlexVolume":null,"Cinder":null,"CephFS":null,"Flocker":null,"DownwardAPI":null,"FC":null,"AzureFile":null,"ConfigMap":null,"VsphereVolume":null,"AzureDisk":null,"PhotonPersistentDisk":null,"Projected":null,"PortworxVolume":null,"ScaleIO":null,"StorageOS":null}],"InitContainers":null,"Containers":[{"Name":"envar-demo-container","Image":"gcr.io/google-samples/node-hello:1.0","Command":null,"Args":null,"WorkingDir":"","Ports":null,"EnvFrom":null,"Env":[{"Name":"DEMO_GREETING","Value":"Hello from the environment

my yaml.

I am creating the below mongodb statefulset which creates 3 replicas but when I run the code I get the below error and all pods are in CrashLoopBackOff state.

This is the error which I get when I try kubectl create -f

I've been delving into Rook+Ceph for Kubernetes, trying to get it to work under Google Kubernetes Engine, and have hit a brick wall.

Following the documentation, I've run the following commands, and verified that each has had the intended effect:

I'm trying to attach the dummy-attachable FlexVolume sample for Kubernetes which seems to initialize normally according to my logs on both the nodes and master: