How to set file owner if mounting a secret to file via volumeMount?


I want to store the keystore of the logstash application as a secret, using a volumeMount to get it back onto the filesystem:

    volumeMounts:
    # logstash keystore file
    - name: keystore-file
      mountPath: "/usr/share/logstash/config/logstash.keystore"
      subPath: "logstash.keystore"

    volumes:
    - name: keystore-file
      secret:
        secretName: test-logstash-keystore-secret

The secret looks like this:

    Name:         test-logstash-keystore-secret
    Namespace:    default
    Labels:       app=logstash
    Annotations:  <none>

    Type:  Opaque

    keystore-password:  4 bytes
    logstash.keystore:  970 bytes

The mounted file has owner root with permission 644.
Is it possible, via the deployment, to give a secret that is mounted to a file explicit ownership and explicit permissions?

Thanks, Andreas

Check out the docs on using secrets as files from a pod. You can define the default mode for the volume to be mounted into the container 🙂

As far as doing it from a specific user, you can do that by setting the fsGroup as a part of defining the securityContext on the container or pod.
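
The two settings mentioned in the answer, combined in one Deployment. This is an added example, not part of the original thread: the Deployment name, the image placeholder and UID/GID 1000 are assumptions, while the Secret name, key and mount path are taken from the question.

```yaml
# Added example (not from the thread). UID/GID 1000 and the image are assumptions.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: logstash                 # placeholder name
spec:
  replicas: 1
  selector:
    matchLabels:
      app: logstash
  template:
    metadata:
      labels:
        app: logstash
    spec:
      securityContext:
        runAsUser: 1000          # assumption: UID the logstash process runs as
        runAsGroup: 1000
        fsGroup: 1000            # files in the secret volume get this group
      containers:
      - name: logstash
        image: "<logstash-image>"   # placeholder
        volumeMounts:
        # logstash keystore file
        - name: keystore-file
          mountPath: /usr/share/logstash/config/logstash.keystore
          subPath: logstash.keystore   # subPath mounts do not receive Secret updates
          readOnly: true
      volumes:
      - name: keystore-file
        secret:
          secretName: test-logstash-keystore-secret
          defaultMode: 0440      # owner and group read only, instead of 0644
          items:                 # project only the keystore, not keystore-password
          - key: logstash.keystore
            path: logstash.keystore
```

The file owner remains root; the non-root process reads the keystore through the group assigned by fsGroup, so the mode has to include group read.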