ERROR Unable to use the drive /export/data: file access denied: Invalid arguments specified

[Danieloni1]

Deploying a MinIO tenant with (almost) default configuration on a k8s single node resulted with the following error:
kubectl logs -n minio-operator minio-tenant-pool-0-0 ->
Defaulted container "minio" out of: minio, sidecar, validate-arguments (init) ERROR Unable to use the drive /export/data: file access denied: Invalid arguments specified

Expected Behavior

As the /export/data is the default paths from the charts, the user running it with the default configuration should be able to access it.

Current Behavior

Operator is running as expected with all services defined, but the statefulset of the tenant is not ready, and the tenant pod's logs are as follows:
Defaulted container "minio" out of: minio, sidecar, validate-arguments (init) ERROR Unable to use the drive /export/data: file access denied: Invalid arguments specified

Steps to Reproduce (for bugs)

Deploy the default helm chart operator, then deploy PVs and storageClass, then the tenants as follows:
PVs and storageClass:

apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: minio-local 
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: WaitForFirstConsumer
reclaimPolicy: Retain
parameters:
  hostPath: /var/lib/obfuscatedDirName/minio
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: minio-local0-minio-tenant-pool-0-0
  labels:
    app: minio
spec:
  capacity:
    storage: 8Gi
  volumeMode: Filesystem
  accessModes:
  - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  storageClassName: minio-local
  hostPath:
    path: /var/lib/obfuscatedDirName/minio

The tenant:

---
# Source: tenant/templates/tenant-configuration.yaml
apiVersion: v1
kind: Secret
metadata:
  name: minio-tenant-env-configuration
  namespace: minio-operator
type: Opaque
stringData:
  config.env: |-
    export MINIO_ROOT_USER="minio"
    export MINIO_ROOT_PASSWORD="minio123"
---
# Source: tenant/templates/tenant.yaml
apiVersion: minio.min.io/v2
kind: Tenant
metadata:
  name: minio-tenant
  namespace: minio-operator
  labels:
    app: minio
spec:
  image: "quay.io/minio/minio:RELEASE.2024-03-15T01-07-19Z"
  imagePullPolicy: IfNotPresent
  configuration:
    name: minio-tenant-env-configuration
  pools:
    - servers: 1
      name: pool-0
      volumesPerServer: 1
      volumeClaimTemplate:
        metadata:
          name: minio-local
        spec:
          storageClassName: minio-local
          accessModes:
            - ReadWriteOnce
          resources:
            requests:
              storage: 8Gi
      securityContext:
        fsGroup: 1000
        fsGroupChangePolicy: OnRootMismatch
        runAsGroup: 1000
        runAsNonRoot: true
        runAsUser: 1000
      containerSecurityContext:
        runAsGroup: 1000
        runAsNonRoot: true
        runAsUser: 1000
  mountPath: "/var/lib/obfuscatedDirName/minio"
  subPath: "/data"
  requestAutoCert: true
  features:
    bucketDNS: false
    enableSFTP: false
  podManagementPolicy: Parallel
  prometheusOperator: false

Your Environment

• Version used (minio-operator): operator-5.0.14, tenant-5.0.14
• Environment name and version (e.g. kubernetes v1.17.2): Kubernetes: Client Version: v1.28.8, Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3, Server Version: v1.28.0
• Operating System and version (uname -a): Linux node-0 5.14.0-432.el9.x86_64 Wed Mar 20 20:26:59 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

Note

I am deploying on a single node currently for testing, but the end-goal is to join 2 more nodes to the k8s cluster. Any tips regarding this scaling in the future in regards to MinIO and the current configuration would be much appreciated.

[jiuker]

Change your hostpath's permission as minio:minio