Setup securityContext inside kubernetes deployment

I'm using an NFS-mounted volume in my deployments. I need to give it the fsGroup like below:

securityContext:
  runAsUser: 1000
  runAsGroup: 3000
  fsGroup: 2000

Is there a way to do this in the Deployment manifest? As far as I can see in the documentation, I can set the securityContext in the Pod YAML only.

Cupric answered 30/7, 2019 at 16:21 Comment(2)
A Deployment has a pod template, which is the same as the pod spec. You can set the security context there. – Flask
Do you mean under spec.containers? – Cupric

You can use securityContext in a Deployment the same way you use it inside a Pod.

As was already suggested, place it under template.spec:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: test-deployment
  labels:
    app: test
spec:
  replicas: 3
  selector:
    matchLabels:
      app: test
  template:
    metadata:
      labels:
        app: test
    spec:
      securityContext:
        runAsUser: 2000
        runAsGroup: 3000
        fsGroup: 2000
      containers:
      - name: test
        image: busybox
        ports:
        - containerPort: 80
        command: [ "sh", "-c", "sleep 1h" ]

And you can test it:

$ kubectl exec -it test-deployment-54d954d7f-2b582  sh
/ $ ps
PID   USER     TIME  COMMAND
    1 2000      0:00 sleep 1h
    6 2000      0:00 sh
   11 2000      0:00 ps
/ $ whoami
whoami: unknown uid 200
Marthamarthe answered 31/7, 2019 at 10:3 Comment(1)
Hi, I am facing this exact issue right now (#59484563). I can't get this to work in my Deployment. When trying your answer, my pod gets stuck on a CrashLoopBackOff error. Checking the logs via kubectl logs pod/<pod id> shows this error: /sbin/runit-wrapper: line 5: can't create /env: Permission denied. I need help badly, please! – Wesley
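
The placement question raised in the thread (template.spec versus spec.containers) can be checked mechanically. The following is an added example, not code from the original posts: it takes a Deployment manifest already parsed into a dict and reports a securityContext in the wrong place, plus the user and group each container will actually run as. The names `check_deployment` and `make_deployment` are hypothetical and the sample manifests are constructed.

```python
# Added example (not from the thread): lint where securityContext sits in a Deployment.
# Input is a manifest already parsed into a dict, e.g. from JSON.

# Fields that exist only in the pod-level securityContext, not the container-level one.
POD_ONLY = {"fsGroup", "fsGroupChangePolicy", "supplementalGroups", "sysctls"}


def check_deployment(manifest):
    """Return (findings, effective settings per container) for a Deployment dict."""
    findings = []
    spec = manifest.get("spec", {})
    if "securityContext" in spec:
        findings.append("spec.securityContext: not a Deployment field, use spec.template.spec")
    pod_spec = spec.get("template", {}).get("spec", {})
    pod_sc = pod_spec.get("securityContext") or {}
    effective = {}
    for c in pod_spec.get("containers", []):
        c_sc = c.get("securityContext") or {}
        for field in sorted(POD_ONLY.intersection(c_sc)):
            findings.append(f"containers[{c['name']}].securityContext.{field}: pod-level only")
        # Container-level runAsUser/runAsGroup take precedence over pod-level values.
        eff = {k: c_sc.get(k, pod_sc.get(k)) for k in ("runAsUser", "runAsGroup")}
        eff["fsGroup"] = pod_sc.get("fsGroup")  # only the pod-level value counts
        effective[c["name"]] = eff
    return findings, effective


def make_deployment(pod_sc=None, container_sc=None, top_sc=None):
    """Hypothetical helper: build a constructed sample shaped like the answer's manifest."""
    container = {"name": "test", "image": "busybox"}
    if container_sc is not None:
        container["securityContext"] = container_sc
    pod_spec = {"containers": [container]}
    if pod_sc is not None:
        pod_spec["securityContext"] = pod_sc
    spec = {"template": {"spec": pod_spec}}
    if top_sc is not None:
        spec["securityContext"] = top_sc
    return {"apiVersion": "apps/v1", "kind": "Deployment", "spec": spec}


if __name__ == "__main__":
    samples = {
        "as in the answer": make_deployment(pod_sc={"runAsUser": 2000, "runAsGroup": 3000, "fsGroup": 2000}),
        "fsGroup under containers": make_deployment(
            pod_sc={"runAsUser": 2000, "runAsGroup": 3000},
            container_sc={"runAsUser": 1000, "fsGroup": 2000}),
        "directly under spec": make_deployment(top_sc={"fsGroup": 2000}),
    }
    for label, manifest in samples.items():
        print(label, check_deployment(manifest))
```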
