Kubernetes - setting custom permissions/file ownership per volume (and not per pod)
Question
Is there any way to set per-volume permissions/ownership in Kubernetes declaratively?
Usecase:
- a pod is composed of two containers, running as two distinct users/groups, both of them non-root, and are unable to
sudo - the containers mount a volume each, and need to create files in these volumes (eg both of them want to write logs)
We know that we can use fsGroup , however that is a pod-level declaration. So even if we pick fsGroup equal to user in first container, then we are going to have permission issues in the other one. (ref: Kubernetes: how to set VolumeMount user group and file permissions )
2 answers
solution1
4 ACCPTED 2017-10-27 11:35:18
One solution is to use init-container to change permissions of mounted directories .
The init-container would need to mount both volumes (from both containers), and do the needed chown / chmod operations.
Drawbacks:
- extra container that needs to be aware of other containers' specific (ie. uid/gid)
- init container needs to run as root to perform
chown
solution2
0 2019-09-13 04:53:38
It can be done with adding one init container with root access.
initContainers:
- name: changeowner
image: busybox
command: ["sh", "-c", "chown -R 200:200 /<volume>"]
volumeMounts:
- name: <your volume>
mountPath: /<volume>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.