Reputation: 5
For mounting GCP Filestore to a GKE Pod, below is the PV object manifest snippet. Here the fsGroup setting in the Pod securityContext is not giving ownership to the required group for the mounted Filestore.
    nfs:
      server: my.filestore.com
      path: /data
This is the securityContext being used in the Pod where the above PV/PVC is referenced:
    spec:
      securityContext:
        runAsGroup: 101
        runAsUser: 101
        fsGroup: 101 #mygrp
        fsGroupChangePolicy: "OnRootMismatch"
These are the permissions of the mounted directory with the above manifest; see the group.
    drwxrwsr-x 9 root root 4096 Aug 10 10:26 data
After searching the internet I found the solution below, but here I am forced to use an IP instead of a DNS name for GCP Filestore in the PV object for Filestore in GKE. The following is a snippet of the csi section of my PV.
    csi:
      driver: filestore.csi.storage.gke.io
      volumeHandle: my-pv-volume-handle
      volumeAttributes:
        ip: 1.2.3.4
        volume: /data
These are the permissions of the mounted directory with the above manifest; see the group.
    drwxrwsr-x 9 root mygrp 4096 Aug 10 10:26 data
I want to achieve both, i.e. use the DNS name as well as get the correct group for the mounted folder.
Upvotes: 0
Views: 129
Reputation: 2140
So the difference between the two methods of mounting a Filestore share to GKE is that the first one uses direct NFS and the second one uses the CSI driver.
We recommend the CSI driver because it's able to implement the securityContext you set for the Pod, but it doesn't support FQDN, only IP address. I would recommend opening a bug here https://github.com/kubernetes-sigs/gcp-filestore-csi-driver/issues and asking why and whether they are planning to implement it!
Upvotes: 0
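An added example, not part of either post above: a shell check to run inside the Pod that reports whether the volume root carries what the question's second listing (`drwxrwsr-x ... root mygrp`) shows for a working fsGroup. The function name `fsgroup_root_status` is hypothetical, and treating "gid matches, setgid bit set, group has rwx" as the pass criteria is an assumption taken from that listing.

```shell
#!/bin/sh
# Added example: verify that a mounted volume root has the group ownership
# and mode expected when fsGroup has been applied to it.
# Usage inside the Pod:  sh check.sh /data 101

fsgroup_root_status() {
    fg_dir=$1
    fg_want=$2

    # %g = numeric group id, %a = octal mode (GNU coreutils and BusyBox stat)
    fg_out=$(stat -c '%g %a' "$fg_dir") || { echo "cannot stat $fg_dir"; return 2; }
    fg_have=${fg_out% *}
    fg_mode=${fg_out#* }
    fg_status=0

    # The question's NFS mount fails here: group is root (0), not 101.
    if [ "$fg_have" != "$fg_want" ]; then
        echo "group mismatch: gid $fg_have, expected $fg_want"
        fg_status=1
    fi

    # setgid on the root makes new files inherit the group (the 's' in rwxrwsr-x).
    if [ $(( 0$fg_mode & 02000 )) -eq 0 ]; then
        echo "setgid bit not set (mode $fg_mode)"
        fg_status=1
    fi

    # Group must be able to read, write and traverse the directory.
    if [ $(( 0$fg_mode & 0070 )) -ne $(( 0070 )) ]; then
        echo "group lacks rwx (mode $fg_mode)"
        fg_status=1
    fi

    [ "$fg_status" -eq 0 ] && echo "ok: gid $fg_have, mode $fg_mode"
    return "$fg_status"
}

# Run the check only when a directory and a gid are passed on the command line.
if [ "$#" -eq 2 ]; then
    fsgroup_root_status "$1" "$2"
fi
```

Exit status 0 means the root matches, 1 means a mismatch was reported, and 2 means the path could not be read.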