I'm mounting NFS (on the Azure Virtual Machine) into k8s (AKS). My application is running with Apache (www-data user). Now, for some reason I cannot comprehend, my application fails with a permission denied error; namely, it cannot write into the mounted NFS volume. It is clearly a permissions issue, and I have also messed it all up.
Application run by Apache: uid=33(www-data) gid=33(www-data) groups=33(www-data)
Directory exported from NFS and all its children (recursively): I've chowned them to www-data:www-data.
When I type id in the container I'm root: uid=0(root) gid=0(root) groups=0(root),1000
When I touch a new file in the container in the mounted volume, it has permissions: uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup). It is a bit surprising.
When I type id in the NFS server: uid=1000(azureuser) gid=1000(azureuser) groups=1000(azureuser)
If I touch a new file on the NFS server it has: uid=1000(azureuser) gid=1000(azureuser) groups=1000(azureuser). So this I assume is connected with this declaration in deployment k8s config:
securityContext:
  fsGroup: 1000
The /etc/exports file in the NFS I configured like so:
/export 10.240.0.0/16(rw,async,insecure,fsid=0,crossmnt,no_subtree_check)
I'm confused about what is what now. Could you help me solve this and clarify what is what?
Btw, the connection between NFS and AKS is established (I can create a file in the container in the mounted volume and it will be visible on the NFS server, and the opposite also works).
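
The ids reported above can be checked against the exports line with a small model of the server's squash rules; this is an added example, not part of the original post. It assumes AUTH_SYS (numeric ids sent by the client, no id mapping) and the exports(5) defaults of root_squash with anonymous id 65534; the function names are hypothetical.

```python
# Added example: models how an NFS server maps client ids for one /etc/exports entry.
# Assumes AUTH_SYS (sec=sys) and exports(5) defaults; names here are hypothetical.
import re

ANON_DEFAULT = 65534  # default anonuid/anongid when the export sets none

def parse_export(line):
    """Split '/path client(opt,opt=val,...)' into (path, client, options)."""
    m = re.match(r"^(\S+)\s+([^\s(]+)\(([^)]*)\)\s*$", line.strip())
    if not m:
        raise ValueError("unsupported exports line: %r" % line)
    opts = {}
    for item in m.group(3).split(","):
        key, _, val = item.partition("=")
        opts[key.strip()] = val.strip() or True
    return m.group(1), m.group(2), opts

def effective_squash(opts):
    """root_squash applies unless the export overrides it explicitly."""
    if "all_squash" in opts:
        return "all_squash"
    if "no_root_squash" in opts:
        return "no_root_squash"
    return "root_squash"

def server_ids(opts, uid, gid):
    """Return the (uid, gid) the server acts as for a client request."""
    anonuid = int(opts.get("anonuid", ANON_DEFAULT))
    anongid = int(opts.get("anongid", ANON_DEFAULT))
    mode = effective_squash(opts)
    if mode == "all_squash":
        return anonuid, anongid
    if mode == "root_squash":
        # Only id 0 is remapped; every other id passes through numerically.
        return (anonuid if uid == 0 else uid, anongid if gid == 0 else gid)
    return uid, gid

# The exports line quoted in the post.
EXPORT = "/export 10.240.0.0/16(rw,async,insecure,fsid=0,crossmnt,no_subtree_check)"

if __name__ == "__main__":
    _, _, opts = parse_export(EXPORT)
    print("squash mode:", effective_squash(opts))
    for name, uid, gid in [("root in container", 0, 0), ("www-data", 33, 33)]:
        print(name, "->", server_ids(opts, uid, gid))
```

Under these assumptions a file touched as root in the container is created as 65534:65534 on the server, while a request made as uid 33 arrives as uid 33 and is checked against the directory's numeric owner on the server.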