Kubernetes: HostPath Host Access Permissions

Problem: Cannot write to directory inside container.

I am using hostPath storage for persistent storage requirements. I am not using PV and PVC to use hostPath, instead using its volume plugin, e.g.:

{
    "apiVersion": "v1",
    "id": "local-nginx",
    "kind": "Pod",
    "metadata": {
        "name": "local-nginx"
    },
    "spec": {
        "containers": [
             {
                 "name": "local-nginx",
                 "image": "fedora/nginx",
                 "volumeMounts": [
                     {
                         "mountPath": "/usr/share/nginx/html/test",
                         "name": "localvol"
                     }
                 ]
             }
        ],
        "volumes": [
            {
                 "name": "localvol",
                 "hostPath": {
                    "path": "/logs/nginx-logs"
                 }
            }
        ]
    }
}

      

Note: nginx pod is for example only.

My host directory is created as "drwxr-xr-x. 2 root root 6 Apr 23 18:42 /logs/nginx-logs" and the same permissions are reflected inside the pod, but since it is 755, a different user, that is, a user inside the pod, cannot write or create files inside the mounted directory.

Questions:

  • Is there any way out to avoid the above problem?

  • Is there a way to specify permissions on directories in the case of hostPath storage?

  • Is there any field that I can set in the following definition to give the required permission?


"volumes": [
    {
        "name": "vol",
        "hostPath": {
            "path": "/any/path/it/will/be/replaced"
        }
    }
]

      

+3




1 answer


I think the problem you are having is not user or group related (there is no RunAsUser specification in your pod definition, so it runs as root by default), but rather lies in the SELinux policy. To mount the host directory in the pod with rw permissions, it must have the following label: svirt_sandbox_file_t. You can check the current SELinux label with the following command:

    ls -laZ <your host directory>

and change it with:

    chcon -Rt svirt_sandbox_file_t <your host directory>



+2
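The two layers discussed above (the 755 file mode raised in the question and the SELinux label raised in the answer) can be checked separately. The script below is an added example, not code from the original post: its function names are hypothetical, its sample contexts are constructed, and it assumes the node uses the container-selinux policy, where container_file_t is the newer name for svirt_sandbox_file_t.

```shell
#!/bin/sh
# Added example, not code from the original post. Function names are hypothetical.
# On a node, obtain the inputs with: stat -c '%C %a %u' <your host directory>

# Type field of an SELinux context (user:role:type:level).
selinux_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Types container processes may write to. svirt_sandbox_file_t is the label
# named in the answer; container_file_t is its newer name (assumption: the
# node uses the container-selinux policy, where both refer to the same type).
is_container_type() {
    case "$1" in
        svirt_sandbox_file_t|container_file_t) return 0 ;;
        *) return 1 ;;
    esac
}

# DAC check on owner/other write bits only (group membership is ignored).
dac_allows_write() {  # args: octal_mode owner_uid container_uid
    mode=$1
    while [ "${#mode}" -gt 3 ]; do mode=${mode#?}; done   # keep the rwx digits
    [ "$3" -eq 0 ] && return 0           # root with CAP_DAC_OVERRIDE bypasses DAC
    if [ "$3" -eq "$2" ]; then digit=${mode%??}; else digit=${mode#??}; fi
    [ $(( digit & 2 )) -ne 0 ]
}

# Report which layer denies the write: SELinux first, then file mode.
diagnose() {  # args: selinux_context octal_mode owner_uid container_uid
    t=$(selinux_type "$1")
    if ! is_container_type "$t"; then
        echo "selinux: type '$t' is not a container file type (fix: chcon -Rt svirt_sandbox_file_t <your host directory>)"
    elif ! dac_allows_write "$2" "$3" "$4"; then
        echo "dac: mode $2 owned by uid $3 denies write for uid $4"
    else
        echo "ok"
    fi
}

# Constructed sample values modelled on the question's directory (755, root-owned).
diagnose 'unconfined_u:object_r:default_t:s0' 755 0 0
diagnose 'system_u:object_r:svirt_sandbox_file_t:s0' 755 0 1000
diagnose 'system_u:object_r:svirt_sandbox_file_t:s0' 755 0 0
```

The first sample reproduces the answer's case (a root container blocked by the label alone); the second shows that a non-root container uid would still be stopped by the 755 mode after relabeling.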

