Skip to content

Commit c9dea0e

Browse files
siyanshensiyanshen
authored
Revert "Update HostNetwork instructions in authentication.md"
1 parent 6113e07 commit c9dea0e

1 file changed

Lines changed: 1 addition & 1 deletion

File tree

docs/authentication.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -26,7 +26,7 @@ See the GKE documentation: [Access Cloud Storage buckets with the Cloud Storage
2626
If you run into permission problems, try these troubleshooting steps.
2727

2828
- [Uniform bucket-level access](https://cloud.google.com/storage/docs/uniform-bucket-level-access) is required for read-write workloads when using Workload Identity Federation. Make sure the bucket Permissions Access control is `Uniform`.
29-
- Managed sidecar users on GKE versions 1.32.3-gke.1440000 and above can now use hostNetwork enabled pods with GCSFuse buckets. If you experience a gke upgrade to 1.32.3-gke.1440000 and higher and start seeing "Permission denied" errors, please grant your pod ksa permissions by following https://cloud.google.com/kubernetes-engine/docs/how-to/cloud-storage-fuse-csi-driver-setup#authentication, and restart your pods.
29+
- The Cloud Storage FUSE CSI driver does not support Pods running on the [host network](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#hosts-namespaces) (hostNetwork: true) due to [restrictions of Workload Identity Federation for GKE](https://cloud.google.com/kubernetes-engine/docs/concepts/workload-identity#restrictions). Make sure the `hostNetwork` is set to `false`.
3030
- If you set `runAsUser` or `runAsGroup` in [Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for your Pod or container, or if your container image uses a non-root user or group, you must set the `uid` and `gid` mount flags. You also need to use the `file-mode` and `dir-mode` mount flags to set the file system permissions. For example, set CSI inline volume `mountOptions` to `"uid=1001,gid=2002,file-mode=664,dir-mode=775"`.
3131
- If you set `fsGroup` in [Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for your Pod, you don't need to use the `file-mode` and `dir-mode` mount flags. These flags are automatically added by the [CSI fsGroup delegation feature](https://kubernetes-csi.github.io/docs/support-fsgroup.html#delegate-fsgroup-to-csi-driver).
3232
- Double check the Workload Identity Federation setup following the below steps.

0 commit comments

Comments
 (0)