babu S:
Hello everyone!
I have a doubt about mounting configMaps as volumes inside the Pod. When I try to mount the configMap inside the Pod as a volume, it is mounted with root permission for both user and group.
But as per the security standards, this has to be mounted as a non-root user. To achieve this, I have added the security context and defined runAsUser, runAsGroup and fsGroup as well.
Still, the user permission of the volume is not getting changed to the non-root user mentioned in the security context. Can someone please help with this? I would be grateful!
karpra:
It's fine for it to get mounted with root permission as long as it's set to be read-only… so your security context and mounting should be read-only, which cannot be changed…
babu S:
@karpra Thanks for the inputs. When our application undergoes auditing, will it not create any issues there? Because our configMap file under the specific volumeMounts will have root:appuser permission. That’s why I was thinking of changing the user permission to appuser as well.
Please give your inputs here. Thanks in advance.
karpra:
Ideally, you should try to run the process in the container not as root, and it is preferable to have mount points with read-only access, but you won’t have issues as long as it can read.
babu S:
@karpra Sure, thanks a lot!