Support to securityContext.fsGroup to override the owner of mounted volumes
heitorrbarros opened this issue
Hi there!
I recently attached SSDs for caching purposes and enabled them by mounting the volume at /data/trino/cache. However, upon doing so, I encountered the following exception from Alluxio:
IllegalArgumentException: Cannot write to cache directory /data/trino/cache.
After some investigation, I suspect that I need to set fsGroup to 1000 in pod.spec.securityContext. Currently, the chart supports runAsGroup and runAsUser in securityContext:
    ...
    {{- with .Values.securityContext }}
    securityContext:
      runAsUser: {{ .runAsUser }}
      runAsGroup: {{ .runAsGroup }}
    {{- end }}
    ...
The volume declared in the pod spec:
    ...
    - name: ebs-cache-volume
      ephemeral:
        volumeClaimTemplate:
          spec:
            accessModes:
              - ReadWriteOnce
            resources:
              requests:
                storage: 100Gi
            volumeMode: Filesystem
    ...
Could you please confirm if adding fsGroup: 1000 to the pod.spec.securityContext would resolve this issue? If not, any guidance on how to properly configure the security context for SSD caching would be greatly appreciated.
Thanks in advance for your help!
PR adding the fsGroup
Would it be worth making the entire podSecurityContext a templated value?
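An added example, not the chart's own code and not taken from the PR: the pod-level security context discussed in this thread, shown as a values map that a chart could render whole, followed by the pod spec it would produce. The values key `podSecurityContext`, the container name and image, and the UID/GID for runAsUser and runAsGroup are assumptions; only fsGroup 1000, the volume definition and the mount path come from the issue.

```yaml
# values.yaml fragment (hypothetical key name; runAsUser/runAsGroup are constructed sample IDs)
podSecurityContext:
  runAsUser: 1000
  runAsGroup: 1000
  fsGroup: 1000                         # supplemental group; supported volumes are made group-owned by it at mount
  fsGroupChangePolicy: OnRootMismatch   # skip the recursive chown when the volume root already matches

# Template fragment that renders the whole map instead of individual fields
# (kept as a comment so this block stays valid YAML):
#   {{- with .Values.podSecurityContext }}
#   securityContext:
#     {{- toYaml . | nindent 4 }}
#   {{- end }}
---
# Rendered pod spec fragment for the values above
spec:
  securityContext:
    runAsUser: 1000
    runAsGroup: 1000
    fsGroup: 1000
    fsGroupChangePolicy: OnRootMismatch
  containers:
    - name: trino-worker                # hypothetical container name
      image: example.invalid/trino:tag  # placeholder image reference
      volumeMounts:
        - name: ebs-cache-volume
          mountPath: /data/trino/cache  # cache directory from the issue
  volumes:
    - name: ebs-cache-volume
      ephemeral:
        volumeClaimTemplate:
          spec:
            accessModes:
              - ReadWriteOnce
            resources:
              requests:
                storage: 100Gi
            volumeMode: Filesystem
```

Whether the ownership change is applied depends on the volume type and, for CSI volumes, on the driver's `fsGroupPolicy`. Running `id` and `ls -ld /data/trino/cache` inside the container shows the effective groups and the resulting directory ownership.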