aws-efs-csi-driver: securityContext isn't applied when creating PVC

/kind bug

What happened?

Deploy the HashiCorp Vault Helm chart that includes the securityContext below without the specified uid/gid (the /vault/data folder is created by root):

securityContext:
        runAsNonRoot: true
        runAsGroup: {{ .Values.server.gid | default 1000 }}
        runAsUser: {{ .Values.server.uid | default 100 }}
        fsGroup: {{ .Values.server.gid | default 1000 }}

What you expected to happen?

Mount the EFS persistent volume with the right securityContext attributes.

How to reproduce it (as minimally and precisely as possible)?

Deploy the Vault Helm chart, declaring the right storageClass that represents EFS.

Environment

  • Kubernetes version: v1.15.3
  • Driver version: 0.2.0

About this issue

  • State: closed
  • Created 4 years ago
  • Reactions: 1
  • Comments: 25 (5 by maintainers)

Most upvoted comments

Great. So this issue, combined with https://github.com/kubernetes-sigs/aws-efs-csi-driver/issues/300, means that I can neither set fsGroup on the pod’s securityContext, nor can I chown the folder after the fact via an initContainer command.

This effectively leaves our mounted volumes unusable.

I’m having the same issue: although fsGroup is specified, the EFS-mounted directory doesn’t have the correct permissions for the user to read/write.