When I have to play with a container image I have never met before, I like to deploy it on a test cluster to poke and prod it. I usually did that on a k3s cluster, but recently I've moved to Minikube to bring my test cluster with me when I'm on the go. Minikube is a tiny one-node Kubernetes cluster meant to run on development machines. It's useful to test Deployments or StatefulSets with images you are not familiar with and build proper helm charts from them. It provides volumes of the hostPath type by default. The major caveat of hostPath volumes is that they're mounted as root by default. I usually handle mismatched ownership with a securityContext like the following to instruct the container to run with a specific UID and GID, and to make the volume owned by a specific group. Typically in a StatefulSet it looks like this: apiVersion: apps/v1 kind: StatefulSet metadata: name: myapp # [...] spec: # [...] template: # [...] spec: securityContext: runAsUser: 10001 runAsGroup: 10001…
No comments yet. Log in to reply on the Fediverse. Comments will appear here.