How to set file owner if mounting a secret to file via volumeMount?

Hi,

I want to store the keystore of the Logstash application as a secret, using a volumeMount to get it back onto the filesystem:

        volumeMounts:
        # logstash keystore file
        - name: keystore-file
          mountPath: "/usr/share/logstash/config/logstash.keystore"
          subPath: "logstash.keystore"

        ...

    volumes:
    - name: keystore-file
      secret:
        secretName: test-logstash-keystore-secret

The secret looks like this:

    Name:         test-logstash-keystore-secret
    Namespace:    default
    Labels:       app=logstash
                  cluster=test
    Annotations:  <none>

    Type:  Opaque

    Data
    ====
    keystore-password:  4 bytes
    logstash.keystore:  970 bytes

The mounted file has owner root with permission 644.
Is it possible, via the deployment, to give a secret that is mounted as a file explicit ownership and explicit permissions?

Thanks, Andreas

Check out the docs on using secrets as files from a pod. You can define the default mode for the volume to be mounted into the container 🙂

As far as doing it from a specific user, you can do that by setting the fsGroup as a part of defining the securityContext on the container or pod.
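The two settings named in the reply, applied to the volume from the question, as an added example that is not part of the original thread. It assumes the container process runs as UID/GID 1000 (check the image you use); the pod name and the image tag are placeholders.

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: logstash-keystore-demo        # hypothetical name
spec:
  securityContext:
    runAsUser: 1000                   # assumed UID of the logstash user in the image
    runAsGroup: 1000                  # assumed GID
    fsGroup: 1000                     # group owner applied to the secret volume's files
  containers:
  - name: logstash
    image: docker.elastic.co/logstash/logstash:VERSION   # placeholder tag
    volumeMounts:
    # logstash keystore file
    - name: keystore-file
      mountPath: "/usr/share/logstash/config/logstash.keystore"
      subPath: "logstash.keystore"
      readOnly: true
  volumes:
  - name: keystore-file
    secret:
      secretName: test-logstash-keystore-secret
      defaultMode: 0440               # octal; replaces the world-readable default 0644
      items:
      # project only the keystore, not the keystore-password key
      - key: logstash.keystore
        path: logstash.keystore
```

The file remains owned by root; the container user reads it through the `fsGroup` group, so the mode needs the group-read bit. A `subPath` mount does not receive later updates to the Secret, so the pod has to be restarted after the keystore is rotated.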