[GitHub] [airflow] potiuk commented on issue #29429: SSH private key mounted with 777 permission as a volume

["potiuk (via GitHub)" <gi...@apache.org>]

potiuk commented on issue #29429:
URL: https://github.com/apache/airflow/issues/29429#issuecomment-1424008270

   There are many people struggling with similar issues. For example here:
   
   https://groups.google.com/g/kubernetes-sig-storage-bugs/c/5NzywW6b97A
   
   I believe that this is not a docker image problem. Docker image has nothing to do with permissions that are specified for mounted volume. It is always applied by the deployment mechanism, not the image (not even the entrypoint).
   
   There are two problems you have @batulziiy :
   
   * the permissions for symbolic link always look like that. You need to add -L to the ls command to dereference the link and show the permissions of the file the link points at.
   * Kubernetes only accepts DECIMAL specification for default mode and OCTAL is read as decimal - because of limitation of JSON.
   
   At least this is how it **used** to be described in docs (See https://stackoverflow.com/questions/61728030/kubernetes-volume-mount-permissions-incorrect-for-secret) - you should have 256 as value, not 0400 . 0400 is read as "400" which is octal 0620 octal (group write). 
   
   I have not found a documenation about it in recent Secrets documentation of K8S so likely it has been solved differently. But you should check your permissions property first to see what's going on (with -L).


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org