MarkosS
Flight Engineer
Flight Engineer
  • 1,502 Views

openshift practice: nextcloud installation - pod root access

Has anyone tried to install nextcloud in openshift?

There is a template available and it is pretty straightforward procedure. However the application needs me to change a folder rights: This however is not possible as these pods are rootless.

Is there any way to change this? oc debug pod can create a pod copy with root access but it is a copy, not the original pod, so it does not solve the problem..

Labels (1)
3 Replies
ericbos
Flight Engineer
Flight Engineer
  • 1,442 Views

You might want to create a service account and assign an scc to it.

flozano
Moderator
Moderator
  • 1,408 Views

I know nothing about nextcloud, if it is an infrastructure application the following may not apply:

Properly designed applications should not require running as root. OpenShift enforces that by default but it is a known best practice for any Kubernetes deployment.

 

Yes you can grant your project's service account with access to a less restricted SCC, such as "anyuid" to workaround the issue, but the best practice would be to request the vendor to fix the container image or its manifests to not require root.

Kubernetes is not able to run containers under a user namespace so any container running as root increases the potential exposure of your cluster to security issues.

xadhoom76
Cadet
Cadet
  • 321 Views

Hi, we as Nextcloud Partner have just released a basic image to be used with Podman and Openshift in Red Hat ecosystem catalog

We are now packaging a complete solution for k8s/openshift in order to have all the necessary features we collected in these years. If you need info feel free to contact us.

Join the discussion
You must log in to join this conversation.