Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://hachyderm.io/users/j3j5/statuses/109468731225145597">Julio J. 🀲 (j3j5@hachyderm.io)'s status on Wednesday, 07-Dec-2022 12:31:49 JST</a><a href="https://hachyderm.io/@j3j5" title="j3j5@hachyderm.io"><img src="https://gnusocial.jp/avatar/27791-48-20230623004435.webp" width="48" height="48" alt="Julio J. 🀲" style="position: absolute; left: 0; top: 0;">Julio J. 🀲</a><div><a href="https://hachyderm.io/@j3j5/109468350878378172" rel="in-reply-to">in reply to</a></div></section><article><p>OK, just for the record, I've found *a solution*. I don't like it and it does feel hacky, although otoh it doesn't feel too wrong. </p><p>Add an extra initContainer with busybox and chown the shared volume with the desired uid and gid. It's ugly but it works. If nobody throws a big reason why I shouldn't be doing this, I'm going to leave it like this.</p><p>Thanks for the boosts <a href="https://hachyderm.io/tags/hachyderm" rel="tag">#hachyderm</a> !</p><p>Source <a href="https://discuss.kubernetes.io/t/write-permissions-on-volume-mount-with-security-context-fsgroup-option/16524" rel="nofollow noreferrer">https://discuss.kubernetes.io/t/write-permissions-on-volume-mount-with-security-context-fsgroup-option/16524</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/789603#notice-1356052">In conversation</a><time datetime="2022-12-07T12:31:49+09:00" title="Wednesday, 07-Dec-2022 12:31:49 JST">Wednesday, 07-Dec-2022 12:31:49 JST</time> <span>from <span><a href="https://hachyderm.io/@j3j5/109468731225145597" rel="external" title="Sent from hachyderm.io via ActivityPub">hachyderm.io</a></span></span><a href="https://hachyderm.io/@j3j5/109468731225145597">permalink</a><h4>Attachments</h4><ol><li><article><header><div>Domain not in remote thumbnail source whitelist: global.discourse-cdn.com</div><h5><a href="https://discuss.kubernetes.io/t/write-permissions-on-volume-mount-with-security-context-fsgroup-option/16524">Write permissions on volume mount with security context fsgroup option</a></h5><div></div></header><div>I’m trying to run a tomcat container in K8S with a non-root user, to do so I set User ‘tomcat’ with the appropriate permission in Docker Image. I have a startup script that creates a directory in /opt/var/logs (during container startup) and also starts tomcat service.  #steps in Dockerfile #adding tomcat user and group and permission to /opt directory addgroup tomcat -g 1001 &amp;&amp; \ adduser -D -u 1001 -G tomcat tomcat &amp;&amp; \ chown -R tomcat:tomcat /opt  #switch user User tomcat  The pod runs fine in ...</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Julio J. 🀲 (j3j5@hachyderm.io)'s status on Wednesday, 07-Dec-2022 12:31:49 JST Julio J. 🀲
in reply to
OK, just for the record, I've found *a solution*. I don't like it and it does feel hacky, although otoh it doesn't feel too wrong.
Add an extra initContainer with busybox and chown the shared volume with the desired uid and gid. It's ugly but it works. If nobody throws a big reason why I shouldn't be doing this, I'm going to leave it like this.
Thanks for the boosts #hachyderm !
Source https://discuss.kubernetes.io/t/write-permissions-on-volume-mount-with-security-context-fsgroup-option/16524
In conversationWednesday, 07-Dec-2022 12:31:49 JST from hachyderm.iopermalink
Attachments
1. Domain not in remote thumbnail source whitelist: global.discourse-cdn.com
  Write permissions on volume mount with security context fsgroup option
  I’m trying to run a tomcat container in K8S with a non-root user, to do so I set User ‘tomcat’ with the appropriate permission in Docker Image. I have a startup script that creates a directory in /opt/var/logs (during container startup) and also starts tomcat service. #steps in Dockerfile #adding tomcat user and group and permission to /opt directory addgroup tomcat -g 1001 && \ adduser -D -u 1001 -G tomcat tomcat && \ chown -R tomcat:tomcat /opt #switch user User tomcat The pod runs fine in ...

Public

Embed Notice

HTML Code

Corresponding Notice