PermissionError [Error 13] after manual creation of PersistentVolume and StorageClass

tnecnivkcots · July 30, 2021, 11:37am

Hello jupyterhub team and community,

I have a question about an issue which occurs, if I deploy jupyterhub on my kubernetescluster.

The first thing was, when I deployed jupyterhub, the hub pod stayed ‘pending’ caused by an unbound PersistentVolumeClaim. I found one working solution on this blog.
After creation of the missing StorageClass and PersistentVolume and running an helm upgrade, the hub pod get stuck at a loop of Error and CrashLoopBackoff. In the logs of the hub pod was a long traceback with the last line:

PermissionError: [Errno 13] Permission denied: '/srv/jupyterhub/jupyterhub_cookie_secret'

For this Error I found the solution in this forum in CrashLoopBackOff due to PermissionError: [Errno 13] Permission denied: ‘/srv/jupyterhub/jupyterhub_cookie_secret’.
Here @manics explained short an alternative way, but it is not clear for me how to do this.

It works, but the question for me now is, if there is a correlation between the first issue, where the StorageClass and PersistentVolume has to be created manually and the second issue, where the file ‘/srv/jupyterhub/jupyterhub_cookie_secret’ inside the hub pod cannot be written to.
Particular because of the not-persistence of data for the user pods, it could be more elegant.
A solution for this can be to mount persistent volumes for user data by configuring this in the config.yaml, right?

Information about the setup:

kubernetes cluster
- bare metal
- OS: Ubuntu 20.04 LTS
- 1 master, 1 worker
- kubernetes version 1.21
helm
- version 3.6.3
jupyterhub
- chart version 0.11.1
- app version 1.3.0

I am looking forward for your suggestion.

Best regards
tnecnivkcots

manics · July 30, 2021, 8:58pm

This probably means the persistent volume isn’t writeable by the user inside the hub pod. You might be able to get around this be setting fsGid to match the default group ID on the provisioned volume:

github.com

jupyterhub/zero-to-jupyterhub-k8s/blob/aadd0dd680d005b5d0e54f4207150b48757ddd92/jupyterhub/schema.yaml#L889-L899


      
          fsGid:
            type: [integer, "null"]
            minimum: 0
            description:
              The gid the hub process should be using when touching any volumes mounted.
          
              Use this only if you are building your own image & know that a group with this gid
              exists inside the hub container! Advanced feature, handle with care!
          
              Defaults to 1000, which is the gid of the `jovyan` user that is present in the
              default hub image.

If that doesn’t work you’ll need to check the docs for whichever storage provider(s) you’ve installed since you’re running your own Kubernetes cluster. For instance, it might be possible to change the default permissions.

tnecnivkcots · August 2, 2021, 12:16pm

As there are no groups with GIDs, I have to read more about storage providers. Thank you for the hint.

tnecnivkcots · August 19, 2021, 12:18pm

The Problem was the storage provisioner.
Now I’m running this local storage provisioner and it works fine. Thank you for this hint. Without it I would still wander arround in the dark.

Topic		Replies	Views
CrashLoopBackOff due to PermissionError: [Errno 13] Permission denied: '/srv/jupyterhub/jupyterhub_cookie_secret' JupyterHub	18	4822	February 15, 2021
1 node(s) did not find available persistent volumes to bind Zero to JupyterHub on Kubernetes jupyterhub , help-wanted	4	6921	June 16, 2022
Trouble configuring JupyterHub with Kubernetes on my local cluster Zero to JupyterHub on Kubernetes	1	798	April 16, 2020
Problem using Kubernetes for JupyterHub on a local infrastructure JupyterHub	9	3435	April 16, 2019
Getting permission on first Jupyter Lab environment spawn JupyterHub	1	354	May 11, 2023

PermissionError [Error 13] after manual creation of PersistentVolume and StorageClass

Related Topics