set proper file permission for projected service account volume

Shihang Zhang
2020-03-20 10:21:44 -07:00
parent fbacb6e264
commit 3db7275b54
13 changed files with 510 additions and 72 deletions


@@ -103,6 +103,10 @@ type Attributes struct {
// MounterArgs provides more easily extensible arguments to Mounter
type MounterArgs struct {
// When FsUser is set, the ownership of the volume will be modified to be
// owned and writable by FsUser. Otherwise, there is no side effects.
// Currently only supported with projected service account tokens.
FsUser *int64
FsGroup *int64
FSGroupChangePolicy *v1.PodFSGroupChangePolicy
DesiredSize *resource.Quantity
@@ -126,7 +130,7 @@ type Mounter interface {
// SetUp prepares and mounts/unpacks the volume to a
// self-determined directory path. The mount point and its
// content should be owned by 'fsGroup' so that it can be
// content should be owned by `fsUser` or 'fsGroup' so that it can be
// accessed by the pod. This may be called more than once, so
// implementations must be idempotent.
// It could return following types of errors:
@@ -137,7 +141,7 @@ type Mounter interface {
// SetUpAt prepares and mounts/unpacks the volume to the
// specified directory path, which may or may not exist yet.
// The mount point and its content should be owned by
// The mount point and its content should be owned by `fsUser`
// 'fsGroup' so that it can be accessed by the pod. This may
// be called more than once, so implementations must be
// idempotent.
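Review bot: The updated SetUpAt comment in the last hunk is missing the conjunction, so it now reads "owned by `fsUser` 'fsGroup'" and the ownership contract is ambiguous. It should match the SetUp wording, e.g. `// The mount point and its content should be owned by 'fsUser' or`, with one quote style for both names. In the MounterArgs hunk, "there is no side effects" should read "there are no side effects". Because FsUser decides who owns and can write a service account token volume, that field comment should also state what implementations do when both FsUser and FsGroup are set, which these hunks do not show. The MounterArgs struct and the Mounter interface both continue outside the hunks.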