-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
alloc fs doesn't have access to mounted volumes #7365
Comments
Potentially interrelated: #7799 |
This turns out to be another case of the mounting behaviors described in #8919 |
While working on some E2E test improvements following the 0.12.7 security patch and landing those docs, I've found that the volumes themselves are visible but their contents are not. This may be similar to the handling of the secrets directory. Going to re-open this. |
Turns out this is a long-known issue with the file system API: #914 |
The various Nomad filesystem commands (and their APIs) don't have access to the contents of mounted volumes. This means that while tasks can access host volume content (and CSI volume content),
nomad alloc fs
cannot. The operator can view the files withnomad alloc exec
, but as this requires a higher level of privilege with its own ACL, this workaround isn't great.Example jobspec that writes to a volume mount location in the task dir. (The exact location doesn't matter so long as its somewhere within the alloc dir.)
Results below. Note that this all works as expected when there's no
volume_mount
stanza.Exec into the allocation and see everything we'd expect to see:
The text was updated successfully, but these errors were encountered: