I have my ssh private key (/home/user/.ssh/id_rsa) as a volume mounted secret in my container. Kubernetes seems to mount it with uid 0. However, my app runs as a specific user, and therefore can't access the ssh private key whose permission must be 600 at min. How can I change the ownership of my private key to reflect that of a specific user?
Thanks.
In Linux, usernames are mapped to a user id, which can be seen with the command id -u someusername.
SSH requires by default in many cases that your SSH key be owned by the user running SSH and be hidden from others (600).
Therefore, I highly recommend you copy your key instead of mounting it, unless your container user has the same user id as you.
If you are using a Linux container, you can run the command inside the container to get the exact user id, and then chown your files with the user id instead of a user name.
kubectl exec -it mypod -- bash
(or sh if bash doesn't work)
$ id -u someuser
OR
kubectl exec -it mypod -- id -u
if your container has one user which started the main process
THEN
Copy your id file so you can chown it without interfering with your ability to ssh.
mkdir -p /data/secrets/myapp
cp /home/user/.ssh/id_rsa /data/secrets/myapp/id_rsa
chown $MYAPPUSERID:$MYAPPUSERID /data/secrets/myapp/id_rsa
chmod 600 /data/secrets/myapp/id_rsa
Because the host OS might have already mapped this user id, it may seem that your files are owned by another arbitrary user, but what ultimately matters is the user id of the owner/group.
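The copy-and-chown steps from the answer above, written as a shell function that also verifies the result. This is an added example, not part of the original answer; the function name install_key is hypothetical, and it assumes a Linux userland whose stat supports -c.

```shell
#!/bin/sh
# Added example: copy a key to a path owned by the app user, then verify it.
# install_key is a hypothetical helper, not part of any tool.
#
# Usage: install_key SRC DEST OWNER_UID OWNER_GID
#   e.g. install_key /home/user/.ssh/id_rsa /data/secrets/myapp/id_rsa 1000 1000
# Returns 0 only if DEST ends up owned by OWNER_UID with mode 600.
install_key() {
    key_src=$1 key_dest=$2 key_uid=$3 key_gid=$4
    key_dir=$(dirname "$key_dest")

    [ -r "$key_src" ] || { echo "cannot read $key_src" >&2; return 1; }

    # Parent directories keep the default umask so the app user can still
    # traverse them; only the final directory is locked down.
    mkdir -p "$key_dir" || return 1
    chmod 700 "$key_dir" || return 1

    # Copy under a restrictive umask so the key is never group- or
    # world-readable in the window between cp and chmod.
    ( umask 077; cp "$key_src" "$key_dest" ) || return 1

    # Numeric ids: what matters is the uid/gid, not how a name resolves.
    chown "$key_uid:$key_gid" "$key_dir" "$key_dest" || return 1
    chmod 600 "$key_dest" || return 1

    # Check owner and mode instead of trusting the commands above.
    [ "$(stat -c '%u %a' "$key_dest")" = "$key_uid 600" ]
}
```

Changing ownership to a different uid requires root, so the function has to run as root with the numeric id found via id -u.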