2

When mounting persistent storage for influxdb container the NFS storage ownership is changed to uid 1000 when container is run. Need to have a known RHEL host user (2000) have ownership of the file system.

  • Tried setting the runAsUser security option in Kubernetes but the container errors out stating permissions error.

  • Tried creating a custom dockerfile, adding the user 2000 and running container as that user but receive error: unauthorized: access to request resource is not authorized.

  • Also looked at user namespaces but uncertain how to configure that. -Tried the init container suggestion and that failed. Below is the code and error message.

    initContainers:
    - name: init-influxdb
    image: /influxdb:0.2.10
    command: ['sh', '-c', "chown 2000:2000 /var/lib/influxdb2"]

The error message that I get in the logs is:

stderr F chown: changing ownership of '/var/lib/influxdb2': operation not permitted

Rohit Gupta
  • 356
  • 2
  • 4
  • 14
Ken E
  • 21
  • 3
  • Hi Ken E welcome to S.F. That's the typical pattern that one would use an `initContainer:` to solve, so the `initContainer:` can run as root, and thus execute chown to 2000 as required, leaving the workload container to execute with the `runAsUser:` as you described – mdaniel Apr 26 '23 at 02:45
  • Thank you for the suggestion. I tried it, but it still fails and the logs state that changing ownereship of /var/lib/influxdb2 is not permitted. I added an initContainer with the command ['sh', 'c', "chown 2000:2000 /var/lib/influxdb2"] . The influx container never starts up because this initcontainer fails. – Ken E Apr 26 '23 at 17:07
  • Well, thus far your question and comments are just a bunch of words, and if you made the same mistake in your pod as you did in your comment that'd be a fine reason it wouldn't work. Please [edit your question](https://serverfault.com/posts/1129636/edit) and include the actual code of your attempt so we're all on the same page about what's going on. Bonus points for including the logs of the init container for comparison – mdaniel Apr 26 '23 at 19:11

0 Answers0