Symptom:
We are building DB services on OKE . By default OKE(Oracle Kubernete Engine) storageclass is oci which is OCI block volume. If we don't specify storageclass in yaml file, OKE would automatically create block volumes as persistent volumes and attach to pods for us which is very convenient.However we hit permission issue , by default the filesystem created by OKE is owned by root , the docker images user is oracle with id 54321 . It fails on creating DB.
Solution:
It is not a good practice for a Dockerfile to modify parent host mounted file permission. We can use yaml to tell OKE to mount the volume with correct permission. More details refer Kubernetes security context docAdd below in the spec of the yaml file, in this case 54321 is the id
securityContext: runAsUser: 54321 fsGroup: 54321
No comments:
Post a Comment