Description
Please confirm the following
- I agree to follow this project's code of conduct.
- I have checked the current issues for duplicates.
- I understand that the AWX Operator is open source software provided for free and that I might not receive a timely response.
Bug Summary
Reference - https://github.com/ansible/awx-operator/blob/devel/roles/installer/templates/deployments/web.yaml.j2#L134
Reference - https://github.com/ansible/awx-operator/blob/devel/roles/installer/templates/deployments/task.yaml.j2#L185
In my helm chart that references this image, if I attempt to set the UID & GID to 1024 & 100, the init-projects container fails because the NFS does not allow running chgrp without using sudo. I've tried using the extra_volumes with the volume mounts, but those haven't been working. The only workaround is to disable project persistence.
AWX Operator version
latest
AWX version
latest
Kubernetes platform
kubernetes
Kubernetes/Platform version
1.33.2
Modifications
no
Steps to reproduce
```yaml
operator-controller:
  spec:
    replicas: 4
AWX:
  enabled: true
  spec:
    service_type: LoadBalancer
    service_annotations:
      "metallb.io/loadBalancerIPs": 10.0.0.0
    security_context_settings:
      runAsNonRoot: true
      runAsUser: 1024
      runAsGroup: 100
      fsGroup: 100
    ingress_type: none
    replicas: 2
    admin_password_secret: awx-admin-password
    postgres_configuration_secret: awx-postgres-configuration
    # persistent
    projects_persistence: true
    projects_existing_claim: awx-projects
```

Enable squashing on the NAS via NFS and set up your PVC to use the NFS driver. This config is only a problem with squashing since the init project container doesn't allow us to change the UID & GID.
Expected results
Projects container is mounted without permission issues.
Actual results
init-projects attempts to change permissions when it shouldn't.
Additional information
Unless there's a reason not to, I'd expect we could do the volume mount but skip the chgrp depending on variable configuration.
Operator Logs
No response
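The following is an added example, not part of the original issue and not the AWX Operator's init-projects code: a POSIX shell sketch of the "skip the chgrp" behaviour requested above, which changes group ownership only when it differs and treats a refused `chgrp` (as on a squashed NFS export) as non-fatal if the running UID/GID can already use the directory. The function name `ensure_group_access`, its return codes and its messages are hypothetical.

```shell
#!/bin/sh
# Added example: hypothetical helper, not taken from awx-operator.
# ensure_group_access DIR GID
#   returns 0 if DIR is usable by the current identity
#   returns 1 if DIR is not usable and ownership could not be fixed
#   returns 2 if DIR does not exist
ensure_group_access() {
    dir=$1
    want_gid=$2

    [ -d "$dir" ] || { echo "missing: $dir" >&2; return 2; }

    # Numeric group owner as reported by the file server (4th field of ls -nd).
    have_gid=$(ls -nd "$dir" | awk '{print $4}') || return 1

    if [ "$have_gid" = "$want_gid" ]; then
        # Nothing to change, so no ownership call is sent to the export.
        echo "skip chgrp: $dir already has gid $want_gid"
    elif chgrp "$want_gid" "$dir" 2>/dev/null; then
        echo "chgrp: $dir gid $have_gid -> $want_gid"
    else
        # Squashed NFS exports refuse ownership changes from the client.
        echo "chgrp refused on $dir (gid $have_gid, wanted $want_gid)" >&2
    fi

    # The real requirement: can the configured runAsUser/runAsGroup use it?
    if [ -w "$dir" ] && [ -x "$dir" ]; then
        return 0
    fi
    echo "not writable by uid $(id -u) gid $(id -g): $dir" >&2
    return 1
}
```

Run under the same `runAsUser`/`runAsGroup` as the main containers, a non-zero exit from this check points at the export's ownership or mode rather than at the pod spec.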