MarkosS
Flight Engineer
Flight Engineer
  • 210 Views

openshift practice: nextcloud installation - pod root access

Has anyone tried to install nextcloud in openshift?

There is a template available and it is pretty straightforward procedure. However the application needs me to change a folder rights: This however is not possible as these pods are rootless.

Is there any way to change this? oc debug pod can create a pod copy with root access but it is a copy, not the original pod, so it does not solve the problem..

Labels (1)
0 Kudos
2 Replies
ericbos
Flight Engineer
Flight Engineer
  • 150 Views

You might want to create a service account and assign an scc to it.

flozano
Moderator
Moderator
  • 116 Views

I know nothing about nextcloud, if it is an infrastructure application the following may not apply:

Properly designed applications should not require running as root. OpenShift enforces that by default but it is a known best practice for any Kubernetes deployment.

 

Yes you can grant your project's service account with access to a less restricted SCC, such as "anyuid" to workaround the issue, but the best practice would be to request the vendor to fix the container image or its manifests to not require root.

Kubernetes is not able to run containers under a user namespace so any container running as root increases the potential exposure of your cluster to security issues.

Join the discussion
You must log in to join this conversation.