NFS/hostPath mount as non-root in kubernetes

7/2/2021

How I can mount an NFS as Alejandra(1001) user?

apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: external-ns
  name: app1
  labels:
    app: app1
  annotations:
    pv.beta.kubernetes.io/gid: "1001"
spec:
  replicas: 1 
  selector:
    matchLabels:
      app: app1
  template:
    metadata:
      labels:
        app: app1
    spec:
      securityContext:
        runAsUser: 1001
        runAsGroup: 1001
        fsGroup: 1001
      nodeSelector:
        node-role.kubernetes.io/worker: worker 
      containers:
        - image: 192.168.1.1:5000/app1
          imagePullPolicy: Always
          name: app1
          volumeMounts:
            - mountPath: /app/var
              name: networkshared-fs-0
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: networkshared-fs-0
spec:
  capacity:
    storage: 80Gi
  accessModes:
    - ReadWriteMany
  mountOptions:
    - vers=4.0
  nfs:
    path: /var/lib/alejandra
    server: 192.168.1.2
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: alejandra-dashboard
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 1Gi

When I do an ls I got this:

kubectl exec -ti app1-XXX -- ls -al /var
total 12                                                                                     
drwxr-xr-x. 2 root   root   4096 Jul  1 12:48 .                                              
drwxr-xr-x. 1 alejandra alejandra 4096 Jul  2 11:20 .. 

The NFS server does have this /etc/exports:

/var/lib/alejandra 10.0.0.13/32(rw,no_root_squash,no_subtree_check) /var/lib/alejandra 10.0.0.13/32(rw,no_root_squash,no_subtree_check)

Thanks

Updated: Same happened with hostPath.

-- sincorchetes
bash
kubernetes
nfs
persistent-volumes

1 Answer

7/2/2021

you would need to use a provisioner for it , take a look at , just setting up NFS is not enough , you need to add roles and rolebindings , SA etc

https://github.com/kubernetes-sigs/nfs-ganesha-server-and-external-provisioner

-- thatguy
Source: StackOverflow