I'm trying to mount a Kubernetes secret object as a volume in the following way:
securityContextCustom:
  runAsUser: 1000
  runAsGroup: 1000
  fsGroup: 1000
extraVolumes:
  - name: es-security-config
    projected:
      defaultMode: 0600
      sources:
        - secret:
            name: users-secret
        - secret:
            name: users-roles-secret
extraVolumeMounts:
  - name: es-security-config
    mountPath: /usr/share/elasticsearch/config/users
    subPath: users
  - name: es-security-config
    mountPath: /usr/share/elasticsearch/config/users_roles
    subPath: users_roles
'users-secret' and 'users-roles-secret' are the Kubernetes secret objects which I want to mount as volumes at their respective mountPath.
However, when I check the file permissions with ls -ltr, I get this:
-rw------- 1 root elasticsearch 24 Feb 2 11:13 users_roles
-rw------- 1 root elasticsearch 136 Feb 2 11:13 users
I decided to use securityContextCustom (using Open Distro Elasticsearch) and change the ownership of the mounted secrets.
Running id inside the dir gives me:
uid=1000(elasticsearch) gid=1000(elasticsearch) groups=1000(elasticsearch)
So I'm seeing the ID being changed correctly.
As you can see, the group ID has changed, but the owner still remains as root. Any ideas why this is the case? I also want root to be changed to the user ID 1000 (elasticsearch) for our pod to work correctly.