Azure / kubernetes-keyvault-flexvol

Azure keyvault integration with Kubernetes via a Flex Volume
MIT License

Support for Security context FSGroup #86

Closed KevinJCross closed 5 years ago

KevinJCross commented 5 years ago

We have successfully mounted our keyvault and exposed some secrets from multiple vaults. This seems to work well and we are happy with this. There is a problem using this driver in our products because we are trying to read these using a module in a node/java app that is not running as root user.

Currently all the mounts use the root group and user; consequently we cannot read the secrets in the flexvolume.

Please can we support the security context features:

spec:
  securityContext:
    runAsUser: xxx
    fsGroup: xxx

KevinJCross commented 5 years ago

This was not needed ... It seems

  securityContext:
    runAsUser: xxx
    fsGroup: xxx

is not compatible with the readonly on the flex-volume... Once this was removed, it set the group but not the user.
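
An added example, not part of the original thread or the project's code: a small manifest check for the combination reported above, a pod that sets `fsGroup` while a flexVolume is marked `readOnly`. The sample manifest, the driver name `example/driver` and the function names are constructed for illustration.

```python
import json

# Constructed sample manifest (JSON form of a Pod spec); the driver name and
# volume names are placeholders, not values taken from this issue.
SAMPLE_POD = json.loads("""
{
  "kind": "Pod",
  "metadata": {"name": "demo"},
  "spec": {
    "securityContext": {"runAsUser": 1000, "fsGroup": 2000},
    "volumes": [
      {"name": "secrets", "flexVolume": {"driver": "example/driver", "readOnly": true}},
      {"name": "more-secrets", "flexVolume": {"driver": "example/driver"}},
      {"name": "scratch", "emptyDir": {}}
    ],
    "containers": [{"name": "app", "image": "example/app"}]
  }
}
""")


def pod_spec(manifest):
    """Return the pod spec of a Pod, or of a workload that has spec.template."""
    spec = manifest.get("spec", {})
    template = spec.get("template")
    return template.get("spec", {}) if isinstance(template, dict) else spec


def fsgroup_readonly_conflicts(manifest):
    """Names of flexVolumes marked readOnly in a pod that also sets fsGroup."""
    spec = pod_spec(manifest)
    fs_group = (spec.get("securityContext") or {}).get("fsGroup")
    if fs_group is None:
        return []  # no fsGroup requested, so there is nothing to conflict with
    return [
        vol.get("name", "<unnamed>")
        for vol in spec.get("volumes") or []
        if (vol.get("flexVolume") or {}).get("readOnly") is True
    ]


if __name__ == "__main__":
    for name in fsgroup_readonly_conflicts(SAMPLE_POD):
        print(f"volume {name!r}: readOnly flexVolume with fsGroup set; "
              "group ownership was reported not to apply in this case")
```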