Question
I'm running a Kubernetes cluster on AWS using kops. I've mounted an EBS volume
onto a container and it is visible from my application but it's read only
because my application does not run as root. How can I mount a
PersistentVolumeClaim as a user other than root? The VolumeMount does not
seem to have any options to control the user, group or file permissions of the
mounted path.
Here is my Deployment yaml file:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: notebook-1
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: notebook-1
    spec:
      volumes:
      - name: notebook-1
        persistentVolumeClaim:
          claimName: notebook-1
      containers:
      - name: notebook-1
        image: jupyter/base-notebook
        ports:
        - containerPort: 8888
        volumeMounts:
        - mountPath: "/home/jovyan/work"
          name: notebook-1
Answer
The Pod Security Context supports setting an fsGroup, which allows you to
set the group ID that owns the volume, and thus who can write to it. The
example in the docs:
apiVersion: v1
kind: Pod
metadata:
  name: hello-world
spec:
  containers:
  # specification of the pod's containers
  # ...
  securityContext:
    fsGroup: 1234
More info on this is here
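
The fsGroup setting from the answer applied to the Deployment in the question, as an added example that is not part of the original question or answer. Assumptions not taken from the page: the image's non-root user is UID 1000 with primary GID 100, and the manifest is written against apps/v1 (which needs a selector) rather than extensions/v1beta1.

```yaml
# Added example: the question's Deployment with a pod-level securityContext.
# Assumed values (not from the page): UID 1000 / GID 100 for the image's
# non-root user. Confirm them by running `id` inside the container.
apiVersion: apps/v1              # assumption: cluster no longer serves extensions/v1beta1
kind: Deployment
metadata:
  name: notebook-1
spec:
  replicas: 1
  selector:                      # required by apps/v1; must match the template labels
    matchLabels:
      app: notebook-1
  template:
    metadata:
      labels:
        app: notebook-1
    spec:
      securityContext:           # pod level: applies to every container and to the volumes
        runAsUser: 1000          # assumed UID of the notebook user
        runAsNonRoot: true       # kubelet refuses to start the container as UID 0
        fsGroup: 100             # assumed GID; the volume is made group-owned and
                                 # group-writable for this GID, and the GID is added
                                 # to the container process's supplemental groups
      volumes:
      - name: notebook-1
        persistentVolumeClaim:
          claimName: notebook-1
      containers:
      - name: notebook-1
        image: jupyter/base-notebook
        ports:
        - containerPort: 8888
        volumeMounts:
        - mountPath: "/home/jovyan/work"
          name: notebook-1
```

After the pod restarts, `ls -ld /home/jovyan/work` inside the container should show the assumed group as the owner with group write permission, so the application can write without running as root.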