
fsGroup vs. supplementalGroups



I have a configuration for a PV/PVC with a block device that works in the default namespace with the fsGroup tag in the pod spec's securityContext.
I was able to create the pod in a non-default namespace with a combination of 'openshift.io/scc: restricted' and a supplementalGroups tag with the same value, but this gave the familiar permission denied error trying to write to the new directory.
https://docs.openshift.com/enterprise/3.2/install_config/storage_examples/shared_storage.html
Note, my image is not being built by OpenShift and has a particular user and group that runs out of the box.
1) Can you configure persistent block device storage for non-default projects?
2) Do you need to build the container image for this configuration?
3) Is support required in the volume driver to interpret 'supplementalGroups' separate from 'fsGroup'?
    (I don't see any reference to 'supplementalGroups' in k8s volume code where I do see 'fsGroup'.)
Thank you!
Alan
