
Allowing access to a PersistentVolumeClaim to non-root user

In Kubernetes I can use a PersistentVolumeClaim to create some storage, which I can later mount in some container.

However, if the user in the container is not root, that user will not be able to access that directory because it is owned by root.

What is the right way to access such a volume? (I did not find any user/permission options either when creating or when mounting that volume.)

michas asked Oct 22 '17 11:10



1 Answer

First, find out the UID number your process is running as.

Then you can tell Kubernetes to chown (sort of) the mount point of the volume for your pod by adding .spec.securityContext.fsGroup:

spec:
  ...
  securityContext:
    fsGroup: 2000

fsGroup: integer: A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:

1. The owning GID will be the FSGroup
2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
3. The permission bits are OR'd with rw-rw----

If unset, the Kubelet will not modify the ownership and permissions of any volume.

Janos Lenart answered Oct 22 '22 06:10
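
The fsGroup approach from the answer above, written out as a complete claim and pod, as an added example that is not part of the original answer. The names demo-claim and fsgroup-demo, UID 1000, the busybox image and the /data mount path are assumptions, and the claim assumes the cluster has a default StorageClass.

```yaml
# Added example; all names, IDs and the image are illustrative assumptions.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: demo-claim              # hypothetical claim name
spec:
  accessModes: ["ReadWriteOnce"]
  resources:
    requests:
      storage: 1Gi              # assumes a default StorageClass can provision this
---
apiVersion: v1
kind: Pod
metadata:
  name: fsgroup-demo            # hypothetical pod name
spec:
  securityContext:
    runAsNonRoot: true          # container is refused if it would run as UID 0
    runAsUser: 1000             # assumed UID of the application process
    fsGroup: 2000               # GID applied to the volume, as in the answer
  containers:
    - name: app
      image: busybox            # assumed image; any image with a shell works
      command: ["sh", "-c"]
      args:
        - |
          id                    # 2000 should appear among the supplemental groups
          ls -ldn /data         # group 2000 and setgid bit, if the volume type supports it
          touch /data/write-test && echo "write ok"
          sleep 3600
      securityContext:
        allowPrivilegeEscalation: false
      volumeMounts:
        - name: data
          mountPath: /data
  volumes:
    - name: data
      persistentVolumeClaim:
        claimName: demo-claim
```

After applying the manifest, `kubectl logs fsgroup-demo` shows whether the non-root process received the group and could write to the mount.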