
GKE: nexus disk not writable


I would like to run nexus3 within the Google Container Engine.

I created a persistent disk and configured the following deployment file:

apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: nexus3
  labels:
    app: nexus3
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nexus3
  template:
    metadata:
      labels:
        app: nexus3
        tier: web
    spec:
      containers:
      - image: gcr.io/nexustest-182520/nexus3:3.6.0
        name: nexus3
        volumeMounts:
        - mountPath: /nexus-data
          name: nexus3-persistent-storage
        ports:
        - containerPort: 8081
      volumes:
      - name: nexus3-persistent-storage
        gcePersistentDisk:
          pdName: nexus3-disk
          fsType: ext4

The deployment fails with this problem:

kubectl get pods -o=wide
NAME                      READY     STATUS    RESTARTS   AGE       IP           NODE
nexus3-1260341461-mj7rf   0/1       Error     2          36s       x.x.x.x   gke-nexus-cluster-default-pool-9a58e4f2-p1t9


kubectl describe po/nexus3-1260341461-mj7rf
[...]
Events:
  FirstSeen LastSeen    Count   From                            SubObjectPath       Type        Reason          Message
  --------- --------    -----   ----                            -------------       --------    ------          -------
  1m        1m      1   default-scheduler                               Normal      Scheduled       Successfully assigned nexus3-1260341461-mj7rf to gke-nexus-cluster-default-pool-9a58e4f2-p1t9
  1m        1m      1   kubelet, gke-nexus-cluster-default-pool-9a58e4f2-p1t9               Normal      SuccessfulMountVolume   MountVolume.SetUp succeeded for volume "default-token-gsnbn"
  1m        1m      1   kubelet, gke-nexus-cluster-default-pool-9a58e4f2-p1t9               Normal      SuccessfulMountVolume   MountVolume.SetUp succeeded for volume "nexus3-persistent-storage"
  1m        12s     4   kubelet, gke-nexus-cluster-default-pool-9a58e4f2-p1t9   spec.containers{nexus3} Normal      Pulled          Container image "gcr.io/nexustest-182520/nexus3:3.6.0" already present on machine
  1m        12s     4   kubelet, gke-nexus-cluster-default-pool-9a58e4f2-p1t9   spec.containers{nexus3} Normal      Created         Created container
  1m        12s     4   kubelet, gke-nexus-cluster-default-pool-9a58e4f2-p1t9   spec.containers{nexus3} Normal      Started         Started container
  56s       8s      4   kubelet, gke-nexus-cluster-default-pool-9a58e4f2-p1t9   spec.containers{nexus3} Warning     BackOff         Back-off restarting failed container
  56s       8s      4   kubelet, gke-nexus-cluster-default-pool-9a58e4f2-p1t9               Warning     FailedSync      Error syncing pod

I think the restart happens because nexus itself is not able to start. I found this in the logs:

mkdir: cannot create directory '../sonatype-work/nexus3/log': Permission denied

and

Unable to update instance pid: Unable to create directory /nexus-data/instances

Where is my mistake? What needs to be done to enable nexus to write to the disk and the folder?

Best, Lars


Solution

  • Well, I solved it myself directly after creating the question. :)

    Regarding https://github.com/sonatype/docker-nexus3 the application runs on a different pid than root.

    Adding this to the deployment file did the trick:

    spec:
      securityContext:
        fsGroup: 200
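
The question's Deployment with the answer's fix in place, as an added example that is not part of the original post: `fsGroup` is a pod-level field, so it sits under `spec.template.spec` beside `containers`, not inside the container entry. The `apiVersion: apps/v1` line and the comments are assumptions added here; every other value is taken from the question.

```yaml
# Added example: the question's Deployment with the answer's fix applied.
apiVersion: apps/v1   # assumption: the question's apps/v1beta1 was removed in Kubernetes 1.16
kind: Deployment
metadata:
  name: nexus3
  labels:
    app: nexus3
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nexus3
  template:
    metadata:
      labels:
        app: nexus3
        tier: web
    spec:
      # Pod-level securityContext; fsGroup is not accepted in a
      # container-level securityContext.
      # At mount time the kubelet makes the volume group-owned by GID 200 and
      # group-writable, and adds GID 200 to the supplementary groups of the
      # container process, so the non-root nexus process can write /nexus-data.
      securityContext:
        fsGroup: 200
      containers:
      - image: gcr.io/nexustest-182520/nexus3:3.6.0
        name: nexus3
        volumeMounts:
        - mountPath: /nexus-data
          name: nexus3-persistent-storage
        ports:
        - containerPort: 8081
      volumes:
      - name: nexus3-persistent-storage
        gcePersistentDisk:
          pdName: nexus3-disk
          fsType: ext4
```

With `fsGroup` set, the kubelet changes group ownership of the volume's contents recursively when it mounts the disk, which can lengthen pod startup on volumes holding many files.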