Bash script mounted as configmap with 777 permissions cannot be ran

9/10/2018

This might be simple, but I can't seem to figure out why a bash script mounted as a configmap cannot be ran as root:

root@myPodId:/opt/nodejs-app# ls -alh /path/fileName 
lrwxrwxrwx 1 root root 18 Sep 10 09:33 /path/fileName  -> ..data/fileName

root@myPodId:/opt/nodejs-app# whoami
root

root@myPodId:/opt/nodejs-app# /bin/bash -c /path/fileName
/bin/bash: /path/fileName: Permission denied

I'm guessing, but I'd think that as with Docker, the root in the container isn't the actual root and works more like a pseudo-root account.

If that's the case, and the file cannot be ran this way, how would you include the script without having to re-create the Docker container every time the script changes?

-- Neekoy
kubernetes
kubernetes-helm

2 Answers

9/10/2018

Alright, so I don't have links to the documentation, however the configmaps are definitely mounted on a ReadOnly filesystem. What I came up with is to cat the content of the file into another file in a location where the local root can write /usr/local in my case and this way the file can be ran.

If anyone comes up with a more clever solution I'll mark it as the correct answer.

-- Neekoy
Source: StackOverflow

9/10/2018

It's not surprise you cannot run script which is mounted as ConfigMap. The name of the resource itself (ConfigMap) should have made you to not use it. As a workaround you can put your script in some git repo, then mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod’s container. InitContainer will download the latest version every time during container creation

-- Konstantin Vustin
Source: StackOverflow