Permission denied error in cloudcost integration #2623

Open
amith-k-r opened this issue Mar 11, 2024 · 4 comments
Labels: doc needed (Additional documentation is required); E2 (Estimated level of Effort, 1 is easiest, 4 is hardest); needs-follow-up; opencost (OpenCost issues vs. external/downstream); P2 (Estimated Priority, P0 is highest, P4 is lowest)

Comments

@amith-k-r

Seeing the error "ingestor: build failed for window [2024-03-08T00:00:00+0000, 2024-03-12T00:00:00+0000): CloudCost: Azure: DownloadBlobToFile: failed to create directory mkdir /var/configs/db: permission denied" in the Cloudcost integration.

Opencost version: 1.109.0 (fa84614)

@AndrisJrs

AndrisJrs commented Mar 11, 2024

Encountered same issue.

Dirty workaround is to run opencost exporter as root user.

opencost:
    securityContext: 
      readOnlyRootFilesystem: false
      runAsNonRoot: false
      runAsUser: 0

Or configure sidecar container which will set correct permissions.

@mattray
Collaborator

mattray commented Mar 14, 2024

We can add that to the Azure docs
https://www.opencost.io/docs/configuration/azure#azure-cloud-costs

I'm wondering what the fix for this should be? @AndrisJrs were all 3 changes needed? We can add this to the Helm chart if it needs to be default for Azure
https://github.com/opencost/opencost-helm-chart/blob/main/charts/opencost/values.yaml#L182

mattray added the labels opencost, doc needed, P2 and E2 on Mar 14, 2024
@cmergenthaler

Another way to solve this without root permissions is granting access to mounted volumes with fsGroup. With Helm Chart:

podSecurityContexts:
  runAsUser: 1001
  runAsGroup: 1001
  fsGroup: 1001

extraVolumes:
  - name: configs
    emptyDir: {}

opencost:
  exporter:
    extraVolumeMounts:
      - mountPath: /var/configs
        name: configs
        readOnly: false

Note that we need to explicitly mount a volume to /var/configs.
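
Added example (not part of the thread and not OpenCost project code): a small audit that compares a rendered pod spec using the root workaround with one using the fsGroup approach, reporting which hardening settings each gives up. The container name `opencost`, the finding names, and the hardened container settings in the second sample are assumptions; both specs are constructed.

```python
# Added example: constructed pod specs (the shape of `.spec` in `kubectl get pod -o json`).
CONFIG_DIR = "/var/configs"  # parent of the /var/configs/db path in the reported error

ROOT_WORKAROUND = {  # constructed: the root securityContext from the thread
    "containers": [{
        "name": "opencost",  # assumed container name
        "securityContext": {"readOnlyRootFilesystem": False,
                            "runAsNonRoot": False, "runAsUser": 0},
    }],
}

FSGROUP_FIX = {  # constructed: the fsGroup values from the thread, as a rendered spec
    "securityContext": {"runAsUser": 1001, "runAsGroup": 1001, "fsGroup": 1001},
    "volumes": [{"name": "configs", "emptyDir": {}}],
    "containers": [{
        "name": "opencost",
        # assumption: hardened container settings are left in place
        "securityContext": {"readOnlyRootFilesystem": True, "runAsNonRoot": True},
        "volumeMounts": [{"name": "configs", "mountPath": CONFIG_DIR, "readOnly": False}],
    }],
}


def audit_pod_spec(spec, container_name="opencost"):
    """Return findings for the container that needs to write under CONFIG_DIR."""
    findings = []
    pod_sc = spec.get("securityContext", {})
    ctr = next(c for c in spec["containers"] if c["name"] == container_name)
    sc = ctr.get("securityContext", {})
    # Container-level values override pod-level ones for these two fields.
    run_as_user = sc.get("runAsUser", pod_sc.get("runAsUser"))
    run_as_non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
    if run_as_user == 0:
        findings.append("runs-as-root")
    if run_as_non_root is not True:
        findings.append("runAsNonRoot-not-enforced")
    if sc.get("readOnlyRootFilesystem") is not True:
        findings.append("writable-root-filesystem")
    mount = next((m for m in ctr.get("volumeMounts", [])
                  if m["mountPath"] == CONFIG_DIR), None)
    if mount is None or mount.get("readOnly", False):
        findings.append("no-writable-volume-at-config-dir")
    elif pod_sc.get("fsGroup") is None:
        findings.append("fsGroup-not-set")  # thread's fix relies on fsGroup for volume access
    return findings


if __name__ == "__main__":
    for name, spec in (("root workaround", ROOT_WORKAROUND), ("fsGroup fix", FSGROUP_FIX)):
        print(name, "->", audit_pod_spec(spec) or "ok")
```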

@mattray
Collaborator

mattray commented May 14, 2024

#2748 is related, probably the same error but we'll track separately for now.
