Set volume mount user group and file permissions in kubernetes

0 votes

I'm using kops to run my kubernetes cluster. I'm trying to use an EBS volume with a container which is visible from my app by it shows it as read only because my app is not running as root. I want to use the PVC as a user other than root. I cannot find any control  by which I can change the user or group or file permissions for the mounted path.

My deployment YAML:

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: notebook-1
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: notebook-1
    spec:
      volumes:
      - name: notebook-1
        persistentVolumeClaim:
          claimName: notebook-1
      containers:
      - name: notebook-1
        image: jupyter/base-notebook
        ports:
        - containerPort: 8888
        volumeMounts:
        - mountPath: "/home/jovyan/work"
          name: notebook-1
Jan 16, 2019 in Kubernetes by Damon Salvatore
 • 5,980 points 27,297 views

1 answer to this question.

0 votes

There's a setting in Pod Security Context called fsGroup. This will allow you to set the group ID that has the volume. example:

apiVersion: v1
kind: Pod
metadata:
  name: hello-world
spec:
  containers:
  # specification of the pod's containers
  # ...
  securityContext:
    fsGroup: 1234

More info: https://kubernetes.io/docs/concepts/policy/security-context/

For further details, refer to the Kubernetes Training.

answered Jan 16, 2019 by ajs3033
 • 7,300 points

Related Questions In Kubernetes

0 votes
1 answer

Can somebody define Persistent Volume (PV) and Persistent Volume Claim (PVC) of kubernetes in simple terms?

PVs are resources in the cluster. PVCs ...READ MORE

answered Feb 4, 2020 in Kubernetes by Sirajul
 • 59,230 points 907 views
0 votes
2 answers

How do I create a volume in kubernetes so that it doesn't get detroyed when pods die?

if you need to do this is ...READ MORE

answered Jul 26, 2020 in Kubernetes by Akash Gupta
 1,263 views
0 votes
3 answers

Using multiple commands in a kubernetes yaml file

Try something like this: containers: - name: ...READ MORE

answered Apr 23, 2019 in Kubernetes by lyza
 48,911 views
0 votes
1 answer

ConfigMaps volume not creating file in container

Did a little research and found the ...READ MORE

answered Sep 6, 2018 in Kubernetes by Atul
 • 10,240 points 936 views
+6 votes
1 answer

Web UI (Dashboard): https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/

Hey @nmentityvibes, you seem to be using ...READ MORE

answered Dec 13, 2018 in Kubernetes by Kalgi
 • 52,360 points 7,064 views
+1 vote
1 answer

set up kubernetes NGINX ingress in AWS with SSL termination

Try using ingress itself in this manner except ...READ MORE

answered Oct 10, 2018 in Kubernetes by Kalgi
 • 52,360 points 2,814 views
0 votes
3 answers

Error while joining cluster with node

Hi Kalgi after following above steps it ...READ MORE

answered Jan 17, 2019 in Others by anonymous
 14,593 views
+4 votes
1 answer

Installing Web UI (Dashboard):kubernetes-dashboard on main Ubuntu 16.04.6 LTS (Xenial Xerus) server

Follow these steps: $ kubeadm reset $ kubeadm init ...READ MORE

answered Apr 12, 2019 in Kubernetes by Kalgi
 • 52,360 points
reshown Apr 12, 2019 by Kalgi 6,077 views
0 votes
1 answer

Kubernetes: Insufficient CPU's and MatchNodeSelector in Openshift.

That error message does not mean that ...READ MORE

answered Sep 7, 2018 in Kubernetes by ajs3033
 • 7,300 points 2,423 views
0 votes
1 answer

How to use gravitational teleport in a container/kubernetes environment?

You can use teleport to augment kubernetes ...READ MORE

answered Jun 28, 2018 in Kubernetes by ajs3033
 • 7,300 points 2,226 views
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP
"PMP®","PMI®", "PMI-ACP®" and "PMBOK®" are registered marks of the Project Management Institute, Inc. MongoDB®, Mongo and the leaf logo are the registered trademarks of MongoDB, Inc.