1

How can I give the non-root user full access to the mounted volume path in Kubernetes (pod)?

I'm using a volume on the host (/workspace/projects path) and writing to the directory as below.

volumeMounts:
-name: workspace
 mountPath: /workspace/projects

Since, I'm copying the git repository content to the /projects directory, the git sets the permission to 755 by default. I want to set the permission to 775 as unable to write to the /project directory.

Could you please let me know what is the best way to do this? I saw InitContainers and not sure whether there is any better solution.Appreciate any help! Thanks in advance!

Jonas
  • 121,568
  • 97
  • 310
  • 388
testbg testbg
  • 193
  • 2
  • 11
  • Thanks! Since, this should work for any user, how can I pass the uid of the logged in /current user who runs the pod yaml ? I believe I can try $uid or something. Please let me know if there is any better solution. Thanks, – testbg testbg Apr 28 '20 at 20:17

1 Answers1

1

When you have to run process inside container as non-root user and you mount a volume to pod. But the volume have root:root permission.

To give access to specific user initContainer is one way, like following

initContainers:
- name: volume-mount-permission
  image: busybox
  command: ["sh", "-c", "chmod 775 /workspace/projects && chown -R <user> /workspace/projects"]
  volumeMounts:
  -name: workspace
   mountPath: /workspace/projects

You can also use security context. Create user and group, add user to the group in Dockerfile and set following in spec

spec:
  securityContext:
    runAsUser: <UID>
    runAsGroup: <GID>
    fsGroup: <GID>
hoque
  • 5,735
  • 1
  • 19
  • 29