Allowing access to a PersistentVolumeClaim to non-root user

一整个雨季 2021-01-01 22:19

In Kubernetes I can use a PersistentVolumeClaim to create some storage, which I can later mount in some container.

However if the user in the container is not root,

1 Answer
  •  时光说笑
    2021-01-01 22:39

    First, find out the UID number your process is running as.

    Then you can tell Kubernetes to chown (sort of) the mount point of the volume for your pod by adding .spec.securityContext.fsGroup:

    spec:
      ...
      securityContext:
        fsGroup: 2000
    

    fsGroup: integer: A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:

    1. The owning GID will be the FSGroup
    2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
    3. The permission bits are OR'd with rw-rw----

    If unset, the Kubelet will not modify the ownership and permissions of any volume.

    0 Discussion (0)
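
A complete manifest for the fsGroup approach in the answer above, added here as an example and not part of the original answer. The resource names, the image, the UID/GID values other than fsGroup 2000, and the presence of a default StorageClass are assumptions.

```yaml
# Added example. Names (data-claim, pvc-demo), image and IDs are assumptions.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: data-claim
spec:
  accessModes: ["ReadWriteOnce"]   # assumes the cluster has a default StorageClass
  resources:
    requests:
      storage: 1Gi
---
apiVersion: v1
kind: Pod
metadata:
  name: pvc-demo
spec:
  securityContext:
    runAsNonRoot: true             # kubelet refuses to start a container that would run as UID 0
    runAsUser: 1000                # the UID the process runs as (step one of the answer)
    runAsGroup: 3000               # primary GID of the process
    fsGroup: 2000                  # supplemental GID; the volume is group-owned by it
    # Skip the recursive ownership change when the volume root already
    # matches; this shortens pod start-up on volumes with many files.
    fsGroupChangePolicy: OnRootMismatch
  containers:
    - name: app
      image: busybox:1.36
      # Prints the effective IDs and the mount's ownership, then proves the
      # non-root user can write to the volume.
      command: ["sh", "-c", "id && ls -ld /data && touch /data/probe && ls -l /data/probe && sleep 3600"]
      securityContext:
        allowPrivilegeEscalation: false
      volumeMounts:
        - name: data
          mountPath: /data
  volumes:
    - name: data
      persistentVolumeClaim:
        claimName: data-claim
```

As the quoted field description says, only some volume types let the Kubelet change ownership; on a volume type that does not, /data keeps whatever owner and mode the backing storage gives it, and the touch in the container command fails.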