Change UID in influxdb Docker container when running in Kubernetes

Ken E

4/25/24, 12:25 PM

When mounting persistent storage for influxdb container the NFS storage ownership is changed to uid 1000 when container is run. Need to have a known RHEL host user (2000) have ownership of the file system.

Tried setting the runAsUser security option in Kubernetes but the container errors out stating permissions error.
Tried creating a custom dockerfile, adding the user 2000 and running container as that user but receive error: unauthorized: access to request resource is not authorized.
Also looked at user namespaces but uncertain how to configure that. -Tried the init container suggestion and that failed. Below is the code and error message.

initContainers:
- name: init-influxdb
image: /influxdb:0.2.10
command: ['sh', '-c', "chown 2000:2000 /var/lib/influxdb2"]

The error message that I get in the logs is:

stderr F chown: changing ownership of '/var/lib/influxdb2': operation not permitted

201

0 + 3

redhat

nfs4

docker

kubernetes

influxdb

mdaniel

4/26/24, 2:45 AM

Hi Ken E welcome to S.F. That's the typical pattern that one would use an `initContainer:` to solve, so the `initContainer:` can run as root, and thus execute chown to 2000 as required, leaving the workload container to execute with the `runAsUser:` as you described

Ken E

4/26/24, 5:07 PM

Thank you for the suggestion. I tried it, but it still fails and the logs state that changing ownereship of /var/lib/influxdb2 is not permitted. I added an initContainer with the command ['sh', 'c', "chown 2000:2000 /var/lib/influxdb2"] . The influx container never starts up because this initcontainer fails.

mdaniel

4/26/24, 7:11 PM

Well, thus far your question and comments are just a bunch of words, and if you made the same mistake in your pod as you did in your comment that'd be a fine reason it wouldn't work. Please [edit your question](https://serverfault.com/posts/1129636/edit) and include the actual code of your attempt so we're all on the same page about what's going on. Bonus points for including the logs of the init container for comparison

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Change UID in influxdb Docker container when running in Kubernetes

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.