Portworx Documentation has moved to https://docs.portworx.com
Portworx Enterprise version 2.13 has reached end of life and end of extended maintenance. Refer to the release support policy doc here.
Upgrade to the latest version of Portworx Enterprise for continued support. Documentation for the latest version of Portworx Enterprise can be found here.
Upgrade to the latest version of Portworx Enterprise for continued support. Documentation for the latest version of Portworx Enterprise can be found here.
Access via Non-Root Users
This document describes how to access a Portworx Volume (PVC/PV) as a non-root user. In Kubernetes, by default all the Persistent Volumes are accessible only by the root user. However you can modify the application pod spec to allow a specific set of users to access the Persistent Volume as explained below.
Modify the application POD spec
You can modify the PodSecurityContext section of a Pod to include an fsGroup field. Here is a snippet of a pod spec file
spec:
# Allow non-root user to access PersistentVolume
securityContext:
fsGroup: 1000
containers:The fsGroup field specifies that the given special supplemental group with ID 1000 is associated with all Containers in the Pod. When you specify a fsGroup kubernetes will change the ownership of the volume to be owned by the pod.
- The owning GID will be that of the fsGroup.
- The setgid bit is set so that new files created in the volume are owned by the GID.
- The permission bits are OR’d with rw-rw—- For more information refer to the kubernetes docs
Last edited: Tuesday, May 16, 2023
Questions? Visit the Portworx forum.