I want to create a headless service with a stateful set with 3 replicas. The application I want to run is a simple calculator web app. My application's docker image has the following lines:

```dockerfile
ARG UID=10001
RUN adduser \
    --disabled-password \
    --gecos "" \
    --home "/data" \
    --shell "/sbin/nologin" \
    --no-create-home \
    --uid "${UID}" \
    appuser
USER appuser
```
That means the application inside a container runs as a non-root user (as `appuser` with uid=10001).
In particular, I want to create three replicas/pods so that each pod has its own (exclusive) folder and pods have read/write access to that folder. I create my yaml file as follows:
```yaml
apiVersion: v1
kind: Namespace
metadata:
  name: myns
---
apiVersion: v1
kind: Service
metadata:
  namespace: myns
  name: calc-headless
spec:
  clusterIP: None # headless
  ports:
    - port: 3000
  selector:
    app: calc
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  namespace: myns
  labels:
    app: calc
  name: calc
spec:
  serviceName: calc-headless
  replicas: 3
  minReadySeconds: 5
  selector:
    matchLabels:
      app: calc
  template:
    metadata:
      labels:
        app: calc
    spec:
      terminationGracePeriodSeconds: 3
      securityContext:
        runAsUser: 10001
        runAsGroup: 10001
        fsGroup: 10001
        fsGroupChangePolicy: "Always"
      containers:
        - image: path/to/my/image
          name: calc
          ports:
            - containerPort: 3000
          volumeMounts:
            - name: node-data
              mountPath: /my-data
          securityContext:
            runAsUser: 10001
            runAsGroup: 10001
  volumeClaimTemplates:
    - metadata:
        name: node-data
      spec:
        accessModes: [ "ReadWriteOncePod" ]
        resources:
          requests:
            storage: 1Gi
```
When I run `kubectl apply -f headless.yml`, k8s successfully creates the service and pods. Then I check each pod using `kubectl exec -it calc-0 -- /bin/sh` and list the folder with `ls -al`, and I see that the folder `/my-data` belongs to `root:root` and hence my pod has no permission to write to it. What do I miss?
**UPDATE:**

I use minikube. The output of `kubectl get storageclasses` is

```
NAME                 PROVISIONER                RECLAIMPOLICY   VOLUMEBINDINGMODE   ALLOWVOLUMEEXPANSION   AGE
standard (default)   k8s.io/minikube-hostpath   Delete          Immediate           false                  45d
```

And the output of `kubectl get pv` is

```
NAME                                       CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM                   STORAGECLASS   VOLUMEATTRIBUTESCLASS   REASON   AGE
pvc-170ff701-8b9e-4df1-b88f-78f4758a19f4   1Gi        RWOP           Delete           Bound    ckad/node-data-calc-0   standard       <unset>                          6m22s
pvc-21d2bca0-be99-4765-8ad1-7c8b28583d8b   1Gi        RWOP           Delete           Bound    ckad/node-data-calc-1   standard       <unset>                          6m12s
pvc-a85807e8-8f48-474e-9ca6-eaf91a8f70a4   1Gi        RWOP           Delete           Bound    ckad/node-data-calc-2   standard       <unset>                          6m2s
```
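As an added diagnostic that is not part of the original question: a POSIX shell script that asks each StatefulSet pod for the owner and mode of `/my-data` and decides whether uid/gid 10001 can write there, which is the state Kubernetes produces when it actually applies `fsGroup` (group ownership set to the GID, setgid bit on, group-writable). Namespace, pod names, mount path and ids are taken from the manifest above; a working `kubectl` context and a `stat` binary inside the image are assumptions.

```shell
#!/bin/sh
# Added diagnostic, not part of the original question. It checks whether the
# StatefulSet's mount path is writable by the declared fsGroup. When Kubernetes
# applies fsGroup it sets group ownership to that GID, turns on the setgid bit
# and makes the directory group-writable; root:root 755 means it did not.
NAMESPACE="myns"                 # namespace from the question's manifest
PODS="calc-0 calc-1 calc-2"      # the three StatefulSet pods
MOUNT_PATH="/my-data"            # mountPath from the question's manifest
EXPECTED_UID=10001               # runAsUser / fsGroup from the manifest
EXPECTED_GID=10001

# Judge one "uid gid mode" line as printed by `stat -c '%u %g %a' <dir>`.
# Returns 0 when EXPECTED_UID/EXPECTED_GID can write there, 1 otherwise.
check_owner_line() {
    set -- $1                      # split into uid, gid, octal mode
    uid=${1:-?}; gid=${2:-?}; mode=${3:-0}
    m=$(( 0$mode ))                # leading 0 makes sh parse it as octal
    owner_w=$(( (m >> 7) & 1 ))    # 0200
    group_w=$(( (m >> 4) & 1 ))    # 0020
    setgid=$(( (m >> 10) & 1 ))    # 02000
    if [ "$uid" = "$EXPECTED_UID" ] && [ "$owner_w" -eq 1 ]; then
        echo "ok: owned by uid $uid, mode $mode"
        return 0
    fi
    if [ "$gid" = "$EXPECTED_GID" ] && [ "$group_w" -eq 1 ]; then
        [ "$setgid" -eq 1 ] || echo "warn: setgid bit missing; new files will not inherit gid $gid"
        echo "ok: group $gid can write, mode $mode"
        return 0
    fi
    echo "fail: $uid:$gid mode $mode is not writable by $EXPECTED_UID:$EXPECTED_GID (fsGroup not applied)"
    return 1
}

# Live check: requires a kubectl context pointing at the cluster and a
# `stat` binary (coreutils or busybox) in the container image.
if command -v kubectl >/dev/null 2>&1; then
    for pod in $PODS; do
        printf '%s %s -> ' "$pod" "$MOUNT_PATH"
        check_owner_line "$(kubectl -n "$NAMESPACE" exec "$pod" -- stat -c '%u %g %a' "$MOUNT_PATH" 2>/dev/null)" || :
    done
fi
```

The `root:root` with mode `755` reported in the question is the `fail` case; a volume whose ownership was managed by `fsGroup` shows up as `0 10001 2775` or similar.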