[pvc] /workspace directory is owned by nobody

[WVerlaek]

Bug description

/workspace directory is owned by nobody

Steps to reproduce

On a workspace with PVC enabled, the /workspace directory is owned by nobody:

$ ls -al /
...
drwxrwsr-x  13 nobody gitpod  4096 Oct 19 13:13 workspace

This prevents e.g. the root user from making a new directory inside /workspace (but it's fine when done from the gitpod user):

$ sudo mkdir -p /workspace/directory
mkdir: cannot create directory ‘/workspace/directory’: Permission denied

With pvc disabled, it's owned by gitpod:

$ ls -al /
...
drwxr-xr-x   7 gitpod gitpod   98 Oct 19 13:41 workspace

Workspace affected

No response

Expected behavior

The prebuild workspace should be up and running.

Example repository

No response

Anything else?

#7901

[sagor999]

This is due to the way k8s mounts PVC. It mounts folder as root:root.
We specify FSGroup here when mounting that pvc, so that at least it is owned by gitpod group, but there is no k8s way of specifying user that should be used to mount that folder AFAIK.
One workaround that I know of is to use init container that would do chown on that folder to change ownership to gitpod user. It only needs to do chown on that folder only, not recursive, so it should be very fast.

@jenting @WVerlaek do you guys know a better way?

[WVerlaek]

Not aware of a better solution, I think the init container + chown approach makes sense

[jenting]

Not aware of a better solution, I think the init container + chown approach makes sense

+1

Question: I thought we need to recursive all the files and folders to change the UID, doesn't it?

[sagor999]

Current progress is blocked until we resolve this: #14103

[kylos101]

@sagor999 are you still blocked on this issue? I assume no, because @utam0k shipped #14103.

[sagor999]

nope. PR with fix is pending review.