Share via

Cannot perform basic file disc check on azure / kubernetes

Koen de Jaeger 0 Reputation points
2023-01-27T16:54:27.91+00:00

Using a pod derived from https://hub.docker.com/r/fcrepo/fcrepo .

I mounted /usr/local/tomcat/fcrepo-home to a btrfs persistant volume (ssd standard, fstype btrfs).

Now I wanted to do a file system check; after installing btrfs-progs. But I get some strange errors and even dmesg is not allowed?

root@ibron--surf-acc-ibron-2-758b588878-dnp76:/usr/local/tomcat# btrfs device stats 
/usr/local/tomcat/fcrepo-home ERROR: getting device info for /usr/local/tomcat/fcrepo-home failed: Operation not permitted 

root@ibron--surf-acc-ibron-2-758b588878-dnp76:/usr/local/tomcat# btrfs check /usr/local/tomcat/fcrepo-home
Opening filesystem to check... ERROR: not a regular file or block device: /usr/local/tomcat/fcrepo-home ERROR: cannot open file system 

root@ibron--surf-acc-ibron-2-758b588878-dnp76:/usr/local/tomcat# btrfs scrub start -Bd /usr/local/tomcat/fcrepo-home 
ERROR: getting dev info for scrub failed: Operation not permitted 

root@ibron--surf-acc-ibron-2-758b588878-dnp76:/usr/local/tomcat# dmesg 
dmesg: read kernel buffer failed: Operation not permitted

Tried customer support but they said, after checking out everything, 'Please check the filesystem that configured via btrfs if there are any issues.'. Wonderfull ... .

Azure Kubernetes Service
Azure Kubernetes Service
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.
2,456 questions

4 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Koen de Jaeger 0 Reputation points
    2023-01-30T16:19:03.9166667+00:00

    Looked into kubernetes and sysctl whitelisting, but couldn't get 'kernel.dmesg_restrict' whitelisted to be used in podsecurity. Azure only permits to whitelist: kernel.shm*, kernel.msg*, kernel.sem, fs.mqueue., net.. And so 'dmesg' is not possible to allow? As well as a disc check, which gives the same error??

    0 comments
  2. Koen de Jaeger 0 Reputation points
    2023-02-01T18:59:27.1933333+00:00

    @Goncalo Correia the above commands were run inside the pod where the PVC is done, where the SSD is mounted onto.

    'dmesg' onto the node gives me the same error msg. (tried with https://learn.microsoft.com/en-us/azure/aks/node-access)

  3. Koen de Jaeger 0 Reputation points
    2023-02-01T19:07:35.9566667+00:00
    0 comments
  4. Koen de Jaeger 0 Reputation points
    2023-02-03T07:33:32.2233333+00:00

    @srbhatta-MSFT 2301220050000366

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.