How can I change user of configmap data?

5/21/2019

I create image running with non-root user but when I use configmap for volume ,files came with volume are root user. I want to change user but I don't know how to change of user.

I search from google and stackoverflow but I find nothing about it.

   volumeMounts:
      - name: test
        mountPath: /opt/KOBIL/SSMS/home/configutil
  volumes:
    - name: test
      configMap:
        name: slaveconfig




Actual:
lrwxrwxrwx. 1 root root 17 May 21 12:53 config.xml -> ..data/config.xml
lrwxrwxrwx. 1 root root 18 May 21 12:53 modules.xml -> ..data/modules.xml

Expected:
lrwxrwxrwx. 1 xxuser xxuser 17 May 21 12:53 config.xml -> ..data/config.xml
lrwxrwxrwx. 1 xxuser xxuser 18 May 21 12:53 modules.xml -> ..data/modules.xml
-- O.Kaplan
configmap
kubernetes

1 Answer

9/13/2019

This came as one of the challenges for the Kubernetes deployments/statefulsets, when you have to run process inside a container as non-root user. But, when you mount a volume to a pod, it always gets mounted with the permission of root:root. So, the non-root user must have access to the folder where it wants to read and write data.

Please follow the below steps for the same.

Create usergroup and assign groudID in Dockerfile. Create user with userid and add to the group in Dockerfile. change ownership recursively for the folders the user process wants to read/write. Add the below lines in deployment/Statefulset in pod spec context.

spec: securityContext: runAsUser: 1099 runAsGroup: 1099 fsGroup: 1099

runAsUser: specifies that for any Containers in the Pod, all processes run with user ID 1099 runAsGroup: specifies the primary group ID of 1099 for all processes within any containers of the Pod.(If this field is omitted, the primary group ID of the containers will be root(0),Any files created will also be owned by user 1099and group 1099 when runAsGroup is specified) fsGroup: specifies the owner of any volume attached will be owner by GroupId 1099 and any files created under it will be having permission of nonrootgroup:nonrootgroup.

-- rajdeepbs29
Source: StackOverflow