Kubernetes Mounting Volumes in Pods: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
Line 49: Line 49:


=Permissions=
=Permissions=
<font color=darkgray>The container user and group the mount path is mounted under are the pod/container security context user and group.</font>


Also see:
Also see:

Revision as of 18:46, 2 March 2021

External

https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#volumemount-v1-core

Internal

Overview

Specifies how the volumes declared in the volumes section of the manifest are to be mounted (projected) into the container's filesystem. The volumeMounts element contains an array of volume mounts. Each volume mount specifies the volume name and mount details, such as the container filesystem mount path and optionally a subpath inside the external volume, relative to its root. Mounting the same volume (specified by its name) multiple times, as part of different volume mounts with different mount characteristics, such different mount points, subPaths, etc. is permitted.

volumeMounts Pod Manifest Section

kind: Pod
spec:
  containers:
    - name: 'test'
      ...
      volumeMounts:
      - name: 'mount-0'
        mountPath: '/red'
        subPath: 'orange' 

This configuration specifies that the file system exposed by the volume "mount-0" will be mounted inside the container's filesystem as /red. Only a part of the volume "mount-0" filesystem will be exposed, and that is the content of its "/orange" subdirectory.

name

The identifier of the volume to be mounted. Must match the name the volume specification was declared under, in the volumes section of the specification. Is the same volume is used for multiple mount points, those mount points should refer the same volume name.

mountPath

Specifies the path within the container filesystem where the volume will be mounted. Must not contain ':'.

The path does NOT need to be created in advance in the container's filesystem. The mount process will create it, even if contains multiple path elements. The created intermediate path elements will be owned by root, but the final path element will be owned by the UID:GID that runs the container, and if those are not specified, by root. If a directory with the same name as the mount path exists, it will be overwritten, regardless of whether it is empty or it contains files. The new mount point directory will be owned by the container's UID and GID, and if those are not specified, by root.

⚠️ On Mac/Docker Desktop Kubernetes 1.19.3, if the hostPath backing a volume mount is in /tmp, then the mount path directory belongs to root, regardless of whether the container runs under a non-root UID:GID or not.

subPath

Specifies the relative path within the external volume, relative to the root of the external volume, whose content will be mounted as container's volume. If the path does not exist on the external volume, it will be created. If not specified, defaults to "" (external volume's root). subPath value must be a relative, the metadata will cause a deployment error if "/" or a path that starts with "/" is used.

Specifying:

  subPath: ''

is a noop - the metadata will be accepted as correct, and the external volume's root will be mounted.

subPathExpr

Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to subPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). subPathExpr and subPath are mutually exclusive.

readOnly

Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.

Permissions

Also see:

Use Cases