Search code examples
azurekubernetespermissionsredhat

Kubernetes on azure

I'm using Kubernetes on azure and my architecture is attached as image.

I could create a persistent volume using azure files and i attached it to my pods using persistent volume claim.

My problem is:

As you can see on the image there is files and directories on the azure files and i need to set special permissions on theses files/directories

for example

  • notes.txt with ( rw--)
  • user1 to be the owner of the directory data
  • user2 to be the owner of tools
  • in tools format have the permission (rwx-rw-r) and stats (rwx-r-r)

I asked about this feature and it's not implemented on azure files. Can you suggest any other solution ?

Thank you in advance.

Regards,

Hajjim

enter image description here

Solution

  • You can use kubernetes security context to configure access to your mounts. Check this link https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

    Quoting the docs:

    Since fsGroup field is specified, all processes of the container are also part of the supplementary group ID 2000. The owner for volume /data/demo and any files created in that volume will be Group ID 2000.

    apiVersion: v1
kind: Pod
metadata:
  name: security-context-demo
spec:
  securityContext:
    runAsUser: 1000
    runAsGroup: 3000
    fsGroup: 2000
  volumes:
  - name: sec-ctx-vol
    emptyDir: {}
  containers:
  - name: sec-ctx-demo
    image: busybox
    command: [ "sh", "-c", "sleep 1h" ]
    volumeMounts:
    - name: sec-ctx-vol
      mountPath: /data/demo
    securityContext:
      allowPrivilegeEscalation: false