With the Kubernetes manifest below and the command podman kube play vaultwarden.pod.yaml --replace --userns=auto, I am able to run a rootless read-only container within a Podman pod (with user vaultwarden).

---
apiVersion: v1
kind: Pod
metadata:
  labels:
    app: vaultwarden
  name: vaultwarden
spec:
  containers:
  - image: docker.io/vaultwarden/server:latest
    name: vaultwarden
    ports:
    - containerPort: 80
      hostPort: 8080
    securityContext:
      allowPrivilegeEscalation: false
      readOnlyRootFilesystem: true
    volumeMounts:
    - mountPath: /data
      name: vaultwarden-data
  hostUsers: false
  volumes:
  - name: vaultwarden-data
    emptyDir: {}

In order to preserve the data and ease its backup, I would like to mount the volume to a specific location. This is normally done with the following manifest file (the difference being the volumes section and the mountPath ending with :Z).

---
apiVersion: v1
kind: Pod
metadata:
  labels:
    app: vaultwarden
  name: vaultwarden
spec:
  containers:
  - image: docker.io/vaultwarden/server:latest
    name: vaultwarden
    ports:
    - containerPort: 80
      hostPort: 8080
    securityContext:
      allowPrivilegeEscalation: false
      readOnlyRootFilesystem: true
    volumeMounts:
    - mountPath: /data:Z
      name: vaultwarden-data
  hostUsers: false
  volumes:
  - hostPath:
      path: /home/vaultwarden/data
      type: DirectoryOrCreate
    name: vaultwarden-data

but when running the commands:

  • podman kube play vaultwarden.pod.yaml --replace, the container is not able to write to the folder.
[vaultwarden][ERROR] Error creating private key 'data/rsa_key.pem'
Io.
[CAUSE] Os {
    code: 2,
    kind: NotFound,
    message: "No such file or directory",
}
Exiting Vaultwarden!
  • podman kube play vaultwarden.pod.yaml --replace --userns=auto, the container is not able to write to the folder.
[vaultwarden][ERROR] Error creating private key 'data/rsa_key.pem'
Io.
[CAUSE] Os {
    code: 2,
    kind: NotFound,
    message: "No such file or directory",
}
Exiting Vaultwarden!
  • podman kube play vaultwarden.pod.yaml --replace --userns=keep-id, the container can create data in the container, but somehow there are still some permission denied errors.
Error: Rocket.
[CAUSE] Bind(
    Os {
        code: 13,
        kind: PermissionDenied,
        message: "Permission denied",
    },
)

I used the vaultwarden container as an example, but I have the same issue with other containers.

What is wrong with my config/command?

Many thanks
