Setup securityContext inside kubernetes deployment

Question

I'm using a nfs mounted volume in my deployments. I need to give it the fsGroup like below:

securityContext:
  runAsUser: 1000
  runAsGroup: 3000
  fsGroup: 2000

Is there a way to make this on the deployment manifest? As I can see on the documentation I can set the securitycontext in the pod yaml only.

deployment got a pod template, that is the same as the pod spec. You can set security context there. — wargre, Jul 30 '19 at 16:27

score 19 · Accepted Answer · answered Jul 31 '19 at 10:03

You can use the securityContext in Deployment in the same way you use it inside Pod.

Like it was already suggested by placing it under template.spec:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: test-deployment
  labels:
    app: test
spec:
  replicas: 3
  selector:
    matchLabels:
      app: test
  template:
    metadata:
      labels:
        app: test
    spec:
      securityContext:
          runAsUser: 2000
          runAsGroup: 3000
          fsGroup: 2000
      containers:
      - name: test
        image: busybox
        ports:
        - containerPort: 80
        command: [ "sh", "-c", "sleep 1h" ]

And you can test it:

$ kubectl exec -it test-deployment-54d954d7f-2b582  sh
/ $ ps
PID   USER     TIME  COMMAND
    1 2000      0:00 sleep 1h
    6 2000      0:00 sh
   11 2000      0:00 ps
/ $ whoami
whoami: unknown uid 200

Hi, I am facing this exact issue right now (https://stackoverflow.com/questions/59484063/how-to-properly-setup-hostpath-persistent-volume-on-minikube). I can't get this to work in my Deployment. When trying your answer, my pod gets stuck on a `CrashLoopBackOff` error. Checking the logs via `kubectl logs pod/` shows this error: /sbin/runit-wrapper: line 5: can't create /env: Permission denied. I need help badly, please! — Dreadnaut, Dec 26 '19 at 14:17

Setup securityContext inside kubernetes deployment

1 Answers1