subPathExpr field creates the path with root permission

I am trying to run the container in the context of ubuntu. Each pod will create logs under the /logs folder. Since all the pods of the same service will use the same folder, I would like to create a subpath and expose it to the container as logs. The subpath is the pod name. The subpath is created with root permission. Since I am trying to run in the context of ubuntu, the container is unable to create logs under the mounted path. How can I change the permission of the subPath created dynamically? Are there any other ways to do it?

Output of id command.
uid=1000(ubuntu) gid=1000(ubuntu) groups=1000(ubuntu),4(adm),20(dialout),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plugdev),109(netdev),110(lxd)

For instance, I have mounted /home/prod_logs/catalog/ as /logs. The pod name is generated at run time using subPathExpr.

Cluster information:

Kubernetes version: 1.16
Cloud being used: bare metal
Installation method: Kubeadm
Host OS: ubuntu 16.04
CNI and version:
CRI and version:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: demo-deployment
  labels:
    name: demo-deployment
    app: tesapp
spec:
  replicas: 2
  selector:
    matchLabels:
     name: demo-pod
     app: tesapp
  template:
    metadata:
      labels:
        name: demo-pod
        app: tesapp
        tier: backend
    spec:
     securityContext:
      runAsUser: 1000
      runAsGroup: 1000
      fsGroup: 1000
     containers:
     - name: demoservice
       env:
         - name: POD_NAME
           valueFrom:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.name
       image: demoservice
       imagePullPolicy: Never
       ports:
       - containerPort: 8086
       resources:
        limits:
            cpu: 2
        requests:
            cpu: 1
       volumeMounts:
       - mountPath: /logs
         name: tesapplogs
         subPathExpr: $(POD_NAME)
     volumes:
      - name: tesapplogs
        hostPath:
         path: /home/ec2-user/tesapp_logs/demoservice/
---
apiVersion: v1
kind: Service
metadata:
  name: demoservice
  labels:
    app: tesapp
    tier: backend
spec:
  type: ClusterIP
  ports:
  - port: 8086
    targetPort: 8086
  selector:
    app: tesapp
    name: demo-pod
    tier: backend
---
apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
metadata:
  name: demoscaler
  namespace: default
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: demo-deployment
  minReplicas: 1
  maxReplicas: 10
  metrics:
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: 25

Move securityContext under container demoservice so that other containers can run as root. Introduce one initContainer (busybox) which will create your subdir and chown to 1000:1000.
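
One way to lay out the suggestion above, as an added example that is not part of the original reply or the poster's manifest: the pod-level securityContext is dropped, the demoservice container carries runAsUser/runAsGroup itself, and a root init container creates and chowns the per-pod directory before the subPathExpr mount is used. The init container name and the /logs-root mount point are assumptions; the volume, image and path come from the question.

```yaml
# Added example: replaces spec.template.spec of demo-deployment in the question.
spec:
  initContainers:
  - name: init-logdir            # hypothetical name
    image: busybox
    securityContext:
      runAsUser: 0               # root only for this short-lived setup step
    env:
    - name: POD_NAME
      valueFrom:
        fieldRef:
          fieldPath: metadata.name
    command:
    - sh
    - -c
    - mkdir -p "/logs-root/$POD_NAME" && chown 1000:1000 "/logs-root/$POD_NAME"
    volumeMounts:
    - name: tesapplogs
      mountPath: /logs-root      # assumed mount point: whole hostPath dir, no subPathExpr
  containers:
  - name: demoservice
    image: demoservice
    imagePullPolicy: Never
    securityContext:             # moved from pod level; fsGroup is a pod-level-only field
      runAsUser: 1000
      runAsGroup: 1000
    env:
    - name: POD_NAME
      valueFrom:
        fieldRef:
          fieldPath: metadata.name
    ports:
    - containerPort: 8086
    volumeMounts:
    - name: tesapplogs
      mountPath: /logs
      subPathExpr: $(POD_NAME)   # directory already exists, owned by 1000:1000
  volumes:
  - name: tesapplogs
    hostPath:
      path: /home/ec2-user/tesapp_logs/demoservice/
```

Only the init container sees the parent directory that holds every pod's logs; the application container still gets just its own subdirectory and never runs as root.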