Kubernetes on azure
I'm using Kubernetes on azure and my architecture is attached as image.
I could create a persistent volume using azure files and i attached it to my pods using persistent volume claim.
My problem is:
As you can see on the image there is files and directories on the azure files and i need to set special permissions on theses files/directories
for example
- notes.txt with ( rw--)
- user1 to be the owner of the directory data
- user2 to be the owner of tools
- in tools format have the permission (rwx-rw-r) and stats (rwx-r-r)
I asked about this feature and it's not implemented on azure files. Can you suggest any other solution ?
Thank you in advance.
Regards,
Hajjim
Similar Questions
1 Answer
You can use kubernetes security context to configure access to your mounts. Check this link https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
Quoting the docs:
Since fsGroup field is specified, all processes of the container are also part of the supplementary group ID 2000. The owner for volume /data/demo and any files created in that volume will be Group ID 2000.
apiVersion: v1
kind: Pod
metadata:
name: security-context-demo
spec:
securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
volumes:
- name: sec-ctx-vol
emptyDir: {}
containers:
- name: sec-ctx-demo
image: busybox
command: [ "sh", "-c", "sleep 1h" ]
volumeMounts:
- name: sec-ctx-vol
mountPath: /data/demo
securityContext:
allowPrivilegeEscalation: false