Kubernetes 上 azure

Question

I'm using Kubernetes on azure and my architecture is attached as image.

I could create a persistent volume using azure files and i attached it to my pods using persistent volume claim.

My problem is:

As you can see on the image there is files and directories on the azure files and i need to set special permissions on theses files/directories

for example

• notes.txt with ( rw--)
• user1 to be the owner of the directory data
• user2 to be the owner of tools
• in tools format have the permission (rwx-rw-r) and stats (rwx-rr)

I asked about this feature and it's not implemented on azure files. Can you suggest any other solution?

Thank you in advance.

Regards,

Hajjim

Answer 1

You can use kubernetes security context to configure access to your mounts. Check this linkhttps://kubernetes.io/docs/tasks/configure-pod-container/security-context/

Quoting the docs:

Since fsGroup field is specified, all processes of the container are also part of the supplementary group ID 2000. The owner for volume /data/demo and any files created in that volume will be Group ID 2000.

apiVersion: v1
kind: Pod
metadata:
  name: security-context-demo
spec:
  securityContext:
    runAsUser: 1000
    runAsGroup: 3000
    fsGroup: 2000
  volumes:
  - name: sec-ctx-vol
    emptyDir: {}
  containers:
  - name: sec-ctx-demo
    image: busybox
    command: [ "sh", "-c", "sleep 1h" ]
    volumeMounts:
    - name: sec-ctx-vol
      mountPath: /data/demo
    securityContext:
      allowPrivilegeEscalation: false