Search code examples
windowsdockerkubernetesvolumes

Kubernetes on docker for windows, persistent volume with hostPath gives Operation not permitted


I am trying to connect a folder in windows to a container folder. This is for a .NET app that needs to read files in a folder. In a normal docker container, with docker-compose, the app works without problems, but since this is only one of several different apps that we will have to monitor, we are trying to get kubernetes involved. That is also where we are failing. As a beginner with kubernetes, I used kompose.exe to convert the compose files to kuberetes style. However, no matter if I use hostPath or persistentVolumeClaim as a flag, I do not get things to work "out of the box". With hostPath, the path is very incorrect, and with persistentVolumeClaim I get a warning saying volume mount on the host is not supported. I, therefore, tried to do that part myself but can get it to work with neither persistent volume nor entering mount data in the deployment file directly. The closest I have come is that I can enter the folder, and I can change to subfolders within, but as soon as I try to run any other command, be it 'ls' or 'cat', I get "Operation not permitted". Here is my docker compose file, which works as expected by

version: "3.8"
services:
    test-create-hw-file:
        container_name: "testcreatehwfile"
        image: test-create-hw-file:trygg
        network_mode: "host"
        volumes:
            - /c/temp/testfiles:/app/files

Running konvert compose on that file:

PS C:\temp> .\kompose.exe convert -f .\docker-compose-tchwf.yml --volumes hostPath -v
DEBU Checking validation of provider: kubernetes
DEBU Checking validation of controller:
DEBU Docker Compose version: 3.8
WARN Service "test-create-hw-file" won't be created because 'ports' is not specified
DEBU Compose file dir: C:\temp
DEBU Target Dir: .
INFO Kubernetes file "test-create-hw-file-deployment.yaml" created
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    kompose.cmd: C:\temp\kompose.exe convert -f .\docker-compose-tchwf.yml --volumes hostPath -v
    kompose.version: 1.26.1 (a9d05d509)
  creationTimestamp: null
  labels:
    io.kompose.service: test-create-hw-file
  name: test-create-hw-file
spec:
  replicas: 1
  selector:
    matchLabels:
      io.kompose.service: test-create-hw-file
  strategy:
    type: Recreate
  template:
    metadata:
      annotations:
        kompose.cmd: C:\temp\kompose.exe convert -f .\docker-compose-tchwf.yml --volumes hostPath -v
        kompose.version: 1.26.1 (a9d05d509)
      creationTimestamp: null
      labels:
        io.kompose.service: test-create-hw-file
    spec:
      containers:
        - image: test-create-hw-file:trygg
          name: testcreatehwfile
          resources: {}
          volumeMounts:
            - mountPath: /app/files
              name: test-create-hw-file-hostpath0
      restartPolicy: Always
      volumes:
        - hostPath:
            path: C:\temp\c\temp\testfiles
          name: test-create-hw-file-hostpath0
status: {}

Running kubectl apply on that file just gives the infamous error "Error: Error response from daemon: invalid mode: /app/files", which means, as far as I can understand, not that the "/app/files" is wrong, but the format of the supposedly connected folder is incorrect. This is the quite weird C:\temp\c\temp\testfiles row. After googling and reading a lot, I have two ways of changing that, to either /c/temp/testfiles or /host_mnt/c/temp/testfiles. Both end up in the same "Operation not permitted". I am checking this via going into the CLI on the container in the docker desktop.

The image from the test is just an app that does nothing right now other than wait for five minutes to not quit before I can check the folder. I am logged on to the shell as root, and I have this row for the folder when doing 'ls -lA':

drwxrwxrwx 1 root root      0 Feb  7 12:04 files

Also, the docker-user has full access to the c:\temp\testfiles folder.

Some version data:

Docker version 20.10.12, build e91ed57

Kubectl version
Client Version: version.Info{Major:"1", Minor:"22", GitVersion:"v1.22.5", GitCommit:"5c99e2ac2ff9a3c549d9ca665e7bc05a3e18f07e", GitTreeState:"clean", BuildDate:"2021-12-16T08:38:33Z", GoVersion:"go1.16.12", Compiler:"gc", Platform:"windows/amd64"}
Server Version: version.Info{Major:"1", Minor:"22", GitVersion:"v1.22.5", GitCommit:"5c99e2ac2ff9a3c549d9ca665e7bc05a3e18f07e", GitTreeState:"clean", BuildDate:"2021-12-16T08:32:32Z", GoVersion:"go1.16.12", Compiler:"gc", Platform:"linux/amd64"}

Kompose version
1.26.1 (a9d05d509)

Host OS: Windows 10, 21H2

//Trygg


Solution

  • Glad that my initial comment solved your issue. I would like to expand my thoughts a little in a form of an official answer.

    To mount volumes using Kubernetes on Docker Desktop for Windows the path will be:

    /run/desktop/mnt/host/c/PATH/TO/FILE
    

    Unfortunately there is no official documentation but here is a good comment with explanation that this is related to Docker Daemon:

    /mnt/wsl is actually the mount point for the cross-distro mounts tmpfs
    Docker Daemon mounts it in its /run/desktop/mnt/host/wsl directory