When I started up celery-beat on a project that didn't run as root, I got this error: celery.platforms.LockFailed: [Errno 13] Permission denied: '/data/beat.pid'
When I looked at the filesystem, the data volume had been mounted as root (and it happens after the permissions change that we did in the dockerfile).
fsGroup specifies a group ID that will be added to any processes started in the container, and any volumes mounted will be mounted with that group. (The number 2000 isn't magic. We can choose any number that doesn't clash with the few groups that are on these containers)
When I started up celery-beat on a project that didn't run as root, I got this error:
celery.platforms.LockFailed: [Errno 13] Permission denied: '/data/beat.pid'When I looked at the filesystem, the data volume had been mounted as root (and it happens after the permissions change that we did in the dockerfile).
I believe this is the recommended approach: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
fsGroupspecifies a group ID that will be added to any processes started in the container, and any volumes mounted will be mounted with that group. (The number 2000 isn't magic. We can choose any number that doesn't clash with the few groups that are on these containers)