Information about emptyDir and hostPath for persistent volumes

Hello,

I’m trying to run the operator from this page: Install Percona server for MongoDB on Kubernetes.

Operator seems to be running and it’s trying to create rs and cfg but I have a hard time with the linked persistent volumes. I use molecule to build my cluster so I don’t really want fs to be kept so I tried to uncomment the emptyDir: {} but I don’t understand if I have to put a path or not.

If I do, the operator doesn’t even start because of the wrong format.

But if I don’t, my PVC throws this error:
failed to provision volume with StorageClass "standard": failed to create volume pvc-1b0d5948-0074-4149-973f-c6bcdb135c66: pods "create-pvc-1b0d5948-0074-4149-973f-c6bcdb135c66" is forbidden: unable to validate against any pod security policy: [spec.volumes[0]: Invalid value: "hostPath": hostPath volumes are not allowed to be used spec.volumes[0]: Invalid value: "hostPath": hostPath volumes are not allowed to be used]

This is the part I don’t understand because all the hostPath part is still commented.

For the cr.yaml, I used percona-server-mongodb-operator/cr.yaml at main · percona/percona-server-mongodb-operator · GitHub and just uncommented the emptyDir part.

Thanks for your help.

2 Likes

I found out the answer. It was linked to the PodSecurityPolicy that was added to the cluster. I still don’t understand why the message talks about hostPath, but if I had looked at the start of the sentence, “is forbidden: unable to validate against any pod security policy”, from the start, I wouldn’t have looked in the wrong direction.

1 Like

Hello, @phuo. Thank you for the update on your situation. I’m glad you’ve identified the root cause of the problem as being linked to the PodSecurityPolicy (PSP) in your cluster.

However, I have not been able to replicate your problem by uncommenting the emptyDir part in the volumeSpec section for replsets.

   volumeSpec:
     emptyDir: {}
     # hostPath:
     #   path: /data
     #   type: Directory
     persistentVolumeClaim:
       # annotations:
       #   volume.beta.kubernetes.io/storage-class: example-hostpath
       # labels:
       #   rack: rack-22
       # storageClassName: standard
       # accessModes: [ "ReadWriteOnce" ]

Uncommenting the line emptyDir: {}, all resources are displayed correctly in my case.
If you could tell me more details about what you modified and where, it could help clarify your initial problem.
I also told you some things that helped me better understand the issue of emptyDir and hostPath.

  • volumes is a field in the Pod specification where you define all storage volumes that the pod can use. These could include emptyDir, persistentVolumeClaim, configMap, etc.

  • When you specify emptyDir: {} in your Kubernetes pod specification, it means that you’re asking Kubernetes to create a temporary directory on the host machine that’s initially empty. You do not need to provide a path for emptyDir; it is managed by Kubernetes itself.

  • On the other hand, volumeSpec is not a standard field in the core Kubernetes Pod or Deployment specifications. It could be a custom field defined by a third-party operator or a Custom Resource Definition (CRD), which you can see in our deploy/cr.yaml. (This was the one I modified to replicate your issue.)

I hope we can hear from you, and if you have any more problems deploying the Operator, let us know.

Thank you for your contribution, @phuo!
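
An added example, not part of the thread and not Percona's code: a simplified Python model of the PodSecurityPolicy volume allow-list check. It shows why a pod with emptyDir: {} is admitted while the "create-pvc-..." pod named in the error, whose spec.volumes[0] is a hostPath, is rejected. The policy, pods and path are constructed, and real PSP admission checks more than volumes.

```python
# Constructed PSP: its spec.volumes allow-list has no "hostPath" entry.
RESTRICTED_PSP = {"spec": {"volumes": [
    "configMap", "emptyDir", "secret", "persistentVolumeClaim"]}}

# Constructed pod that uses `emptyDir: {}`; emptyDir takes no path.
DB_POD = {"spec": {"volumes": [{"name": "mongod-data", "emptyDir": {}}]}}

# Constructed stand-in for the "create-pvc-..." pod named in the error:
# its first volume is a hostPath (the path here is a placeholder).
HELPER_POD = {"spec": {"volumes": [
    {"name": "data", "hostPath": {"path": "/example/path"}}]}}


def volume_type(volume):
    """A pod volume is {"name": ..., "<type>": {...}}; return <type>."""
    kinds = [key for key in volume if key != "name"]
    if len(kinds) != 1:
        raise ValueError(f"volume {volume.get('name')!r} needs exactly one source")
    return kinds[0]


def denied_volumes(pod, psp):
    """Return (index, type) for each pod volume outside the PSP allow-list."""
    allowed = set(psp["spec"].get("volumes", []))
    if "*" in allowed:  # "*" allows every volume type
        return []
    return [(i, volume_type(v))
            for i, v in enumerate(pod["spec"].get("volumes", []))
            if volume_type(v) not in allowed]


def admit(pod, psps):
    """Volume part of PSP admission only: one passing policy is enough."""
    failures = []
    for psp in psps:
        denied = denied_volumes(pod, psp)
        if not denied:
            return True, []
        failures += [f'spec.volumes[{i}]: Invalid value: "{t}": {t} volumes '
                     f"are not allowed to be used" for i, t in denied]
    return False, failures


if __name__ == "__main__":
    print("emptyDir pod:", admit(DB_POD, [RESTRICTED_PSP]))
    print("helper pod:  ", admit(HELPER_POD, [RESTRICTED_PSP]))
```
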