Uploaded image for project: 'National Data Service'
  1. National Data Service
  2. NDS-980

Can't mount data read-only

XMLWordPrintableJSON

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Normal Normal
    • ThinkChicago
    • None
    • None
    • NDS Sprint 29

      Storing the shared data on Gluster, it seems impossible to mount the data as read-only to containers.  They all have root permissions in the container, which results in root permissions on the shared FS.

      Need to find a better solution.

      For terra, read-only data is mounted RO via NFS.  We could do the same via Gluster, but needs to be at the volume level (which means mounting multiple volumes via clients).  There may be something with Docker --userns-remap flag, but it's unclear whether this works with Kubernetes.

       

      http://blog.aquasec.com/docker-1.10-user-namespace

      https://github.com/kubernetes/kubernetes/issues/33508

              willis8 Craig Willis
              willis8 Craig Willis
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: