When I try to mount the application log volume from the containers to the host, I get the error: Operation not permitted

    spec:
      securityContext:
        runAsUser: 1000
        runAsGroup: 3000
        fsGroup: 2000
      initContainers:
        - name: volume-mount-permission
          image: xx.xx.xx.xx/orchestration/credit-card
          command:
            - sh
            - -c
            - chown -R 1000:1000 /opt/payara/appserver/glassfish/logs/credit-card
            - chgrp 1000 /opt/payara/appserver/glassfish/logs/credit-card
          volumeMounts:
            - name: card-corp-logs
              mountPath: /opt/payara/appserver/glassfish/logs/credit-card
              readOnly: false
      containers:
        - name: credit-card
          image: xx.xx.xx.xx/orchestration/credit-card
          imagePullPolicy: Always
          securityContext:
            privileged: true
            runAsUser: 1000
          ports:
            - name: credit-card
              containerPort: 8080
          readinessProbe:
            httpGet:
              path: /
              port: 8080
            initialDelaySeconds: 10
            periodSeconds: 5
            successThreshold: 1
          volumeMounts:
            - name: override-setting-storage
              mountPath: /p/config
            - name: credit-card-teamsite
              mountPath: /var/credit-card/teamsite/card_corp

Container Path - /opt/payara/appserver/glassfish/logs/credit-card to hostPath
Can anyone please help me find where I am making a mistake in the deployment yml file?

    securityContext:
      runAsUser: 1000
      runAsGroup: 3000

means you cannot chown 1000:1000 because that user is not a member of group 1000.
Likely you will want to run that initContainer: as runAsUser: 0 in order to allow it to perform arbitrary chown operations.
You also truncated your YAML that would have specified the volumes: that are being mounted by your volumeMounts: -- there is a chance that you are trying to mount a volume type that -- regardless of your readOnly: false declaration -- cannot be modified. ConfigMap, Secret, Downward API, and a bunch of others also will not respond to mutation requests, even as root.
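
The suggestion above, applied to the question's manifest as an added example (not part of the original question or answer). The `volumes:` entry, its hostPath location, and the log mount on the main container are assumptions, since the original YAML did not include them.

```yaml
spec:
  securityContext:            # pod-level defaults, unchanged from the question
    runAsUser: 1000
    runAsGroup: 3000
    fsGroup: 2000
  initContainers:
    - name: volume-mount-permission
      image: xx.xx.xx.xx/orchestration/credit-card
      securityContext:
        runAsUser: 0          # overrides the pod-level UID for this container only
        runAsGroup: 0
        allowPrivilegeEscalation: false
      command:
        - sh
        - -c
        # One script string. With `sh -c`, any further list items become
        # $0, $1, ... and are never executed, so the separate chgrp item
        # in the question would not have run. 1000:1000 already sets the group.
        - chown -R 1000:1000 /opt/payara/appserver/glassfish/logs/credit-card
      volumeMounts:
        - name: card-corp-logs
          mountPath: /opt/payara/appserver/glassfish/logs/credit-card
  containers:
    - name: credit-card
      image: xx.xx.xx.xx/orchestration/credit-card
      securityContext:
        runAsUser: 1000       # the application keeps running as non-root
      # ports, readinessProbe and the other volumeMounts from the question omitted
      volumeMounts:
        - name: card-corp-logs   # assumed: the app writes its logs to this mount
          mountPath: /opt/payara/appserver/glassfish/logs/credit-card
  volumes:
    - name: card-corp-logs
      hostPath:
        path: /var/log/credit-card   # placeholder host directory (assumption)
        type: DirectoryOrCreate
```

Root is confined to the short-lived init container, and the chown only succeeds on a writable volume type such as the hostPath assumed here.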