Read-Write permissions issue for PVC in Azure Kubernetes Service

10/20/2020

Currently I am trying to set up Nextcloud on Azure Kubernetes Service as an exercise. Basically the application seems to be running, but after connecting the database, Nextcloud ends with something like...

Please change the permissions of your storage to 0770 to prevent other people from accessing your data

I guess it's because I used an azurefile share as the persistent volume. My PVC deployment looks like this:

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nextcloud-shared-storage-claim
  labels: 
    app: nextcloud
spec:
  accessModes:
  - ReadWriteOnce
  storageClassName: azurefile
  resources:
    requests:
      storage: 5Gi

I've already researched that topic and found ways to apply permissions for pods with securityContext. Because I've only just started with Kubernetes on Azure, I struggle a bit with binding my Deployment file for Nextcloud with a pod that applies the permissions.

To complete the post - here is the deployment file for the Nextcloud I used

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nextcloud-server
  labels:
    app: nextcloud
spec:
  replicas: 1
  selector:
    matchLabels:
      pod-label: nextcloud-server-pod
  template:
    metadata:
      labels:
        pod-label: nextcloud-server-pod
    spec:
      containers:
      - name: nextcloud
        image: nextcloud:20-apache
        volumeMounts:
        - name: server-storage
          mountPath: /var/www/html
          subPath: server-data
      volumes:
      - name: server-storage
        persistentVolumeClaim:
          claimName: nextcloud-shared-storage-claim
---
apiVersion: v1
kind: Service
metadata:
  name: nextcloud-server
  labels:
    app: nextcloud
spec:
  selector:
    pod-label: nextcloud-server-pod
  ports:
  - protocol: TCP
    port: 80

I guess/hope that it's totally simple.

-- elludorado
azure
azure-aks
kubernetes
virtualization

1 Answer

11/3/2020

Posting this answer as community wiki since it might be helpful for the community. Feel free to expand.

As mentioned by @Nick Graham in the comments

To modify the permissions on a mounted volume you’ll need to execute a script after the container starts up. Some images give you the option to copy scripts into a particular folder that are then executed at startup; check the docs to see if the image you're using provides that functionality.

There are a few examples.


Additionally, according to this comment, you can try to specify these permissions in your storage class.

-- Jakub
Source: StackOverflow