[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: fsGroup vs. supplementalGroups

Adding Brad.

Erik M Jacobs, RHCA
Principal Technical Marketing Manager, OpenShift Enterprise
Red Hat, Inc.
Phone: 646.462.3745
AOL Instant Messenger: ejacobsatredhat
Twitter: @ErikonOpen
Freenode: thoraxe

On Wed, Jun 22, 2016 at 12:14 PM, Alan Jones <ajones diamanti com> wrote:
I have a configuration for a PV/PVC with a block device that works in the default namespace with the fsGroup tag in the pod spec's securityContext.
I was able to create the pod in a non-default namespace with combination of 'openshift.io/scc: restricted' and a supplementalGroups tag with the same value; but this gave the firmilar permission denied error trying to write to the new directory.
Note, my image is not being built by OpenShift and has a particular user and group that runs out of the box.
1) Can you configure persistent block device storage for non-default projects?
2) Do you need to build the container image for this configuration?
3) Is support required in the volume driver to interpret 'supplementalGroups' separate from 'fsGroup'?
    (I don't see any reference to 'supplementalGroups' in k8s volume code where I do see 'fsGroup'.)
Thank you!

dev mailing list
dev lists openshift redhat com

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]