Skip to content

Commit b1cb53c

Browse files
corryrootjwilliams-mongo
authored andcommitted
(DOCSP-23623): Updated securityContext info. (#982)
* (DOCSP-23623): Updated securityContext info. * (DOCSP-23623): Incorporated Mircea's feedback. * (DOCSP-23623): Incorporated Julia's feedback. * (DOCSP-23623): Incorporated Sebastian's feedback.
1 parent fc104af commit b1cb53c

File tree

4 files changed

+13
-18
lines changed

4 files changed

+13
-18
lines changed
Lines changed: 12 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1,9 +1,15 @@
11
.. warning::
22

33
Grant your containers permission to write to your |k8s-pv|.
4-
The |k8s-op-short| sets ``fsGroup = 2000`` in
5-
:k8sdocs:`securityContext </tasks/configure-pod-container/security-context/>`
6-
This makes |k8s|
7-
:k8sdocs:`try to fix write permissions </tasks/configure-pod-container/security-context/#discussion>`
8-
for the |k8s-pv|. If redeploying the resource does not fix
9-
issues with your |k8s-pvs|, contact MongoDB support.
4+
The |k8s-op-short| sets ``fsGroup = 2000``, ``runAsUser = 2000``,
5+
and ``runAsNonRoot = true`` in ``securityContext``. |k8s-op-short|
6+
sets ``fsgroup`` equal to ``runAsUser`` to make the volume writable
7+
for a user that runs the main process in the container. To learn
8+
more, see :k8sdocs:`Configure a
9+
Security Context for a Pod or Container
10+
</tasks/configure-pod-container/security-context/>` and the related
11+
:k8sdocs:`discussion
12+
</tasks/configure-pod-container/security-context/#discussion>` in
13+
the |k8s| documentation. If redeploying the resource doesn't fix
14+
issues with your Persistent Volume, contact `MongoDB Support
15+
<https://support.mongodb.com/welcome>`__.

source/includes/admonitions/k8s-persistent-volumes.rst

Lines changed: 1 addition & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,4 @@
1-
.. warning::
2-
3-
Your containers must have permissions to write to your |k8s-pv|.
4-
The |k8s-op-short| sets ``fsGroup = 2000`` in
5-
`securityContext <https://kubernetes.io/docs/tasks/configure-pod-container/security-context/>`__
6-
This makes |k8s|
7-
`try to fix write permissions <https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#discussion>`__
8-
for the |k8s-pv|. If redeploying the deployment item does not fix
9-
issues with your |k8s-pvs|, contact `MongoDB Support
10-
<https://support.mongodb.com/welcome>`__.
1+
.. include:: /includes/admonitions/k8s-persistent-volumes-om.rst
112

123
.. note::
134

source/reference/k8s/example-nginx-deployment-k8s.yaml

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -51,7 +51,6 @@ spec:
5151
- name: mongodb-tools
5252
mountPath: /tools/db/
5353
restartPolicy: Always
54-
securityContext: {}
5554
terminationGracePeriodSeconds: 30
5655
volumes:
5756
- name: mongodb-versions

source/reference/k8s/example-nginx-deployment-os.yaml

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -51,7 +51,6 @@ spec:
5151
- name: mongodb-tools
5252
mountPath: /tools/db/
5353
restartPolicy: Always
54-
securityContext: {}
5554
terminationGracePeriodSeconds: 30
5655
volumes:
5756
- name: mongodb-versions

0 commit comments

Comments
 (0)