You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We are having a push to run as many containers as possible as non-root. I was converting a non-root pod from a CephFS PVC to an OpenEBS/cStor PVC, but the root of the PVC is root:root 0755, which means the non-root container cannot create files.
I was able to get this working by adding:
securityContext:
fsGroup: 65534
runAsUser: 65534
to the pod specification. With this the container is still running as non-root, but kubernetes changes the group owner/permissions in the PVC to the specified group, and then the container can create files.
It would be nice to be able to set the ownership and/or permissions on the root directory of the PVC when it is created.
The text was updated successfully, but these errors were encountered:
We are having a push to run as many containers as possible as non-root. I was converting a non-root pod from a CephFS PVC to an OpenEBS/cStor PVC, but the root of the PVC is root:root 0755, which means the non-root container cannot create files.
I was able to get this working by adding:
securityContext:
fsGroup: 65534
runAsUser: 65534
to the pod specification. With this the container is still running as non-root, but kubernetes changes the group owner/permissions in the PVC to the specified group, and then the container can create files.
It would be nice to be able to set the ownership and/or permissions on the root directory of the PVC when it is created.
The text was updated successfully, but these errors were encountered: