PowerProtect Data Manager 19.18 Kubernetes User Guide

Support Network File System (NFS) root squashing

Using root squashing on a Network File System (NFS) volume prevents remote root users from having root access to the volume. Without additional configuration to support NFS root squashing, these volumes cannot be backed up or restored.

1. Create a storage class with root-client access enabled. For example, set the property RootClientEnabled when creating a PowerScale/Isilon storage class.
2. Create a ConfigMap named ppdm-root-access-storage-class-mapping in the PowerProtect namespace.
3. In the data section of the ConfigMap, add a storage-class mapping in the following format:

   name of storage class with root-client access disabled: name of storage class with root-client access enabled

   For example, to map isilon-root-squashing-sc to isilon-allow-backups-sc, type:

   isilon-root-squashing-sc: isilon-allow-backups-sc

   NOTE:During the restore of root squashed volumes, the data mover pod (cproxy) runs with the UID of the file owner that is captured during backup. When using storage class mapping during the restore of root squashed volume backups, ensure that the CSI driver for the target storage class sets the permissions for the PVC volume path in a manner that allows writes from pods running as nonroot. CSI drivers allow setting volume path permissions as part of the driver configuration, or as parameters in storage class. Check your CSI driver documentation for more information.