File Management for Synthetic Jobs

If your monitored application requires dependent files, PSA can download and access them during Synthetic job execution. These files can also be used by subsequent Synthetic jobs. PSA supports reading and writing these files (Excel and text files only) and can validate their metadata, such as file size and content.

To enable this feature, configure the following in the values.yaml file:

PSA in Kubernetes

chrome-storage:
  enabled: true                          # Master switch
  
  storageClass:                           # K8s StorageClass configuration
    name: "psa-ebs-storage"               # StorageClass name
    provisioner: "ebs.csi.aws.com"        # Cloud provider provisioner
    parameters:
      type: "gp3"                         # Storage type (gp3, gp2, etc.)
      encrypted: "true"                   # Enable encryption
  
  pvc:                                    # PersistentVolumeClaim configuration
    name: "chrome-shared-storage"         # PVC name
    size: "500Mi"                         # Storage size
    accessMode: "ReadWriteOnce"           # Access mode
    mountPath: "/mnt/opt/appdynamics"     # Container mount path
    volumeMode: "Filesystem"              # Volume mode

PSA in Docker

chrome-storage:
  enabled: true                          # Master switch
    
  dockerVolume:                           # Docker volume configuration
    storageLocation: "psa-docker-volume"  # Volume name or bind path
    mountPath: "/mnt/opt/appdynamics"     # Container mount path
    volumeUid: 9001                       # User ID for permissions
    volumeGid: 9001                       # Group ID for permissions

The files are stored in the persistent storage. PSA checks the following in the values.yaml file before creating new storage:

Kubernetes: the names of storage class and PVC
Docker: the storage location details under dockerVolume

If a storage resource (StorageClass, PVC, or storage location) does not exist, PSA creates a new instance of the missing resource. Otherwise, if specified, PSA reuses the existing resource for file storage.

Warning: Ensure that you download files from trusted and secure sources. PSA does not scan the downloaded files for any potential risks.

Note:

StorageClass is a cluster-scoped resource (not namespaced), which means it cannot be accessed using a namespaced role. Only ClusterRole can grant permissions to cluster-scoped resources. See Kubernetes RBAC documentation.

Supported File Extensions and Libraries

PSA supports the following application-dependent file extension types:


File Extension	Description	Library/Version
`.pdf`	PDF documents	pypdf 6.4.0
`.txt`	Text files	Standard library
`.xls`	Excel 97-2003	Existing dependencies
`.xlsx`	Excel 2007+	openpyxl 3.1.5
`.csv`	Comma-separated files	csv (Standard python library)

Note:

PSA also supports the pathlib2 version 2.3.7.post1 library for enhanced path handling.

Note:

PSA does not restrict downloads of large file sizes. However, you can manage file size restriction by using the Python Script.
PSA also downloads the files with other extensions in the /tmp/downloads folder in the container. However, those files are not copied to persistent storage.
If the volume is fully occupied, PSA does not clear it. Ensure that you periodically clear the storage.

Add Security Context to Access Persistent Storage

You must add the following security context:

Kubernetes:

Update the following details in the values.yaml file:

securityContext:
 overrideSecurityContextForWebAndAPIMon: true
  runAsGroup: <group_name> 
  runAsUser: <user_name> 
  runAsNonRoot: true
  fsGroup: <fs_group_name>

Docker:

PSA configures volume access permissions using BusyBox. Therefore, ensure that the BusyBox container image is available on your machine, or provide internet access for PSA to download it.

Note:

BusyBox container image is required because:

the Docker volumes may have restrictive default permissions (root-only)
the Chrome agents run as non-root user
the direct host-level permission changes are not allowed in containerized environments
BusyBox provides lightweight Alpine Linux with chown or chmod utilities

Troubleshooting

You may encounter certain issues if the configurations are incorrect. The following table lists the issues and the steps you can follow to resolve them:


Issue	Reason	Resolution
Kubernetes
PVC is stuck in the `Pending` state.	The `StorageClass` provisioner is not available.	Check the CSI driver installation: `kubectl get sc and kubectl describe pvc <name>`
Pod cannot mount PVC.	There is a mismatch in the volume binding mode or access mode.	Ensure that the node has access to the storage backend: `kubectl describe pod <name>`
Permission denied in container.	There is a mismatch in security context.	Check the `fsGroup` and `runAsUser` settings and rectify the pod security context and PVC ownership.
Docker
Volume creation fails.	There are issues in Docker daemon or disk space.	Check the Docker logs and available disk space: `docker volume ls and df -h`
Permission denied in container.	The permission setup failure.	Check the: BusyBox container image availability and try again Docker logs and volume
Bind mount not found.	The host path does not exist.	Check the host filesystem and create the directory manually.