We have multiple containers: one of them mounts a volume on a PVC, and another one, the NiFi container, is trying to access this mounted volume, including the NiFi directories.
The user ID for the mounted volume in the PV (on NFS) is 10030, whereas NiFi uses user ID 1000, resulting in the pod crashing because it does not have sufficient permission to access the NiFi directories.
How can we change the NiFi default user in the compose file to 100030, or do something else to solve this issue? Thanks
We tried multiple approaches, including giving the NiFi user to the volume, but it changes back to 10030.
To resolve this issue, you'll need to ensure that the user ID used by NiFi matches the user ID of the mounted volume. There are a few approaches you can consider.
1: In your Kubernetes deployment, you can specify the user ID that NiFi should run as by setting the securityContext in your NiFi container spec.

    containers:
      - name: nifi-container
        image: your-nifi-image
        securityContext:
          runAsUser: 10030

This will ensure that NiFi runs with the user ID 10030, matching the user ID of the mounted volume.
2: While not always recommended due to security concerns, you can run NiFi as the root user and then modify the permissions of the mounted volume to allow the NiFi user (ID 1000) to access it. However, this approach can introduce security risks, so use it with caution.
3: You could use an initContainer to adjust the permissions of the mounted volume before NiFi starts. The initContainer can set the appropriate permissions on the directories/files that NiFi needs to access.

    initContainers:
      - name: volume-permissions
        image: busybox
        command: ["sh", "-c", "chown -R 1000:1000 /path/to/mounted/volume"]
        volumeMounts:
          - name: your-volume
            mountPath: /path/to/mounted/volume
    containers:
      - name: nifi-container
        image: your-nifi-image

In this example, the init container changes the ownership of the mounted volume to user ID 1000 before NiFi starts.
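
A way to confirm which UID/GID can actually use the mounted directory before choosing between the options above, as an added example that is not part of the original answer. The helper names `can_rwx` and `preflight` are hypothetical, and GID 10030 in the usage comment is an assumption, since the question only gives the user ID.

```shell
#!/bin/sh
# Added example: pre-flight ownership check for a mounted volume.
# The verdict uses owner, group and mode bits only; it ignores ACLs,
# supplementary groups and root's override.

# can_rwx DIR UID GID: return 0 if UID/GID gets rwx on DIR, 1 if not,
# 2 if DIR cannot be inspected.
can_rwx() {
    dir=$1; uid=$2; gid=$3
    # stat -c (GNU coreutils and busybox): owner uid, owner gid, octal mode
    out=$(stat -c '%u %g %a' "$dir" 2>/dev/null) || return 2
    set -- $out
    owner=$1; group=$2; mode=$3
    # Keep the last three octal digits, dropping setuid/setgid/sticky.
    perms=$(printf '%03d' "$((mode % 1000))")
    if [ "$uid" -eq "$owner" ]; then
        bits=${perms%??}                  # owner digit
    elif [ "$gid" -eq "$group" ]; then
        bits=${perms#?}; bits=${bits%?}   # group digit
    else
        bits=${perms#??}                  # other digit
    fi
    [ "$bits" -eq 7 ]
}

# preflight DIR UID GID: print a verdict line; return 0 only when usable.
preflight() {
    if can_rwx "$1" "$2" "$3"; then
        echo "OK   $1 is usable by uid=$2 gid=$3"
    else
        echo "FAIL $1 ($(stat -c 'owner %u:%g mode %a' "$1" 2>&1)) not usable by uid=$2 gid=$3"
        return 1
    fi
}

# Example invocation with the IDs from the question (gid is an assumption):
#   sh preflight.sh /path/to/mounted/volume 10030 10030
#   sh preflight.sh /path/to/mounted/volume 1000 1000
if [ "$#" -eq 3 ]; then preflight "$1" "$2" "$3"; fi
```

Run from a container that mounts the same volume, a FAIL line for the UID the NiFi container runs as shows the same mismatch that crashes the pod, without needing root in that container.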