We host our apps on a multi-tenant, shared K8s cluster. We have our own namespaces.
We are trying to mount an S3FS bucket on our container. The aim is to run scripts (Shell/Python/Perl) on files in this bucket.
We encounter this error during container start when the below mount script is called:
s3fs latest scripts_mount_dir -o passwd_file=passwd -o url=https://cloudstorage-aws.dell.com -o use_path_request_style -o allow_other -o dbglevel=info -o max_background=1000 -o umask=0007,uid=1001
s3fs: error while loading shared libraries: libcurl-gnutls.so.4: cannot open shared object file: No such file or directory
Here is the relevant YAML snippet:
  volumeMounts:
  - name: app-config
    mountPath: /opt/app/config
    readOnly: true
  - name: devfuse
    mountPath: /fusemnt/emptydir
  securityContext:
    runAsUser: 1001
    allowPrivilegeEscalation: false
    capabilities:
      drop: [ "ALL" ]
    runAsNonRoot: true
    seccompProfile:
      type: RuntimeDefault
  ports:
  - containerPort: 8080
volumes:
- name: app-config
  configMap:
    name: controller-cm
    items:
    - key: application.yml
      path: application.yml
- name: devfuse
  emptyDir: { }
When we run this as a privileged container, it works, but not as a standard container using the baseline policy.
The K8s admin has refused to grant us privileged access since it is a multi-tenant cluster.
Any idea what we’re doing wrong or what we can do differently? Also, any suggestions on alternate methods to mount an S3FS bucket? We understand, NAS is perhaps better suited here, but copying from S3FS to NAS is not practical in our case.
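
A preflight check that separates the two failures described in the post: the unresolved shared library in the loader error, and the FUSE prerequisites that a container with all capabilities dropped lacks. It is an added example, not part of the original post; the function names are hypothetical, and it assumes a Linux container with `s3fs`, `ldd` and `awk` available.

```shell
#!/bin/sh
# Added diagnostic example (not from the original post); function names are hypothetical.
# Assumes a Linux container with s3fs, ldd and awk installed.

CAP_SYS_ADMIN_BIT=21   # capability number from linux/capability.h; mount(2) requires it

# Return 0 if the hex mask (CapEff from /proc/<pid>/status) includes CAP_SYS_ADMIN.
has_cap_sys_admin() {
    [ $(( 0x$1 & (1 << $CAP_SYS_ADMIN_BIT) )) -ne 0 ]
}

# Read ldd output on stdin and print the names of libraries the loader cannot resolve.
missing_libs() {
    awk '/=> not found/ { print $1 }'
}

# Read /proc/<pid>/status-style text on stdin and print the value of one field.
status_field() {
    awk -v key="$1:" '$1 == key { print $2 }'
}

# Report every unmet prerequisite; return non-zero if any blocks the mount.
preflight() {
    rc=0
    bin=$(command -v s3fs) || { echo "s3fs is not on PATH"; return 1; }
    libs=$(ldd "$bin" 2>/dev/null | missing_libs)
    if [ -n "$libs" ]; then echo "missing shared libraries: $libs"; rc=1; fi
    [ -c /dev/fuse ] || { echo "/dev/fuse is not present in the container"; rc=1; }
    capeff=$(status_field CapEff < /proc/self/status)
    has_cap_sys_admin "$capeff" || { echo "CAP_SYS_ADMIN not in effective set ($capeff)"; rc=1; }
    nnp=$(status_field NoNewPrivs < /proc/self/status)
    if [ "$nnp" = "1" ]; then
        # allowPrivilegeEscalation: false sets no_new_privs on the container process
        echo "no_new_privs is set: a setuid fusermount helper cannot gain privileges"
    fi
    return $rc
}

# Run the checks only when invoked as: sh preflight.sh run
if [ "${1:-}" = "run" ]; then preflight; fi
```

Running it in the image before the mount script shows whether the container stops at the loader error or at the missing FUSE prerequisites.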