How to change permission of mapped volume in kubernetes/Docker

Question

I just created image using Docker file and for changing user I just used:

USER myuser

We are using a directory to store data, we change tha

Answer 1

This is because of docker. It mounts volume with only root permission and you can change it with chmod but only after the container is started.

You can read more about it here https://github.com/moby/moby/issues/2259 This issues is here for a long time.

What you can do in kubernetes is use fsGroup and force that volume is writable by GID specified. This is working solution and documented as well. More information here https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

Here is an example deployment:

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: alpine
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: alpine
    spec:
      securityContext:
        fsGroup: 1000
      containers:
        - name: alpine
          image: alpine
          volumeMounts:
              - mountPath: /var/alpine
                name: alpine
      volumes:
        - name: alpine
          awsElasticBlockStore:
            volumeID: vol-1234567890
            fsType: ext4