I have a Debian box running Kubernetes, where I have ALL my production environment with nearly 50 deployments. My problem is that in one of the pods, which is running the Odoo server as a non-privileged user, some files (not all of them) are being created with the root user as owner.
This is my deployment YAML:
```yaml
---
apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
kind: Deployment
metadata:
  namespace: odoo
  name: app
spec:
  selector:
    matchLabels:
      app: odoo
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: odoo
    spec:
      securityContext:
        fsGroup: 1000
      containers:
      - name: odoo
        image: my-odoo
        command:
        - /docker-entrypoint.sh
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80
          name: odoo
        - containerPort: 110
          name: pop3
        - containerPort: 995
          name: pop3s
        - containerPort: 25
          name: smtp
        - containerPort: 993
          name: imaps
        volumeMounts:
        - name: home
          mountPath: /home
        - name: maildir
          mountPath: /var/mail
      volumes:
      - name: maildir
        hostPath:
          path: /mnt/odoo/maildir
      - name: home
        hostPath:
          path: /mnt/odoo/home
```
In my entrypoint script I run Odoo using supervisord; here is my conf:
```ini
[group:odoo]
programs = odoo-web, odoo-monitor, odoo-beat, odoo-worker-default-0, odoo-worker-cdr-1, odoo-worker-notifications-2, odoo-worker-default-notifications-3

[program:odoo-web]
user = odoo
directory = /home/odoo/var/run
command = /home/odoo/bin/odoo-bin --proxy-mode

[program:odoo-worker-default-0]
user = odoo
directory = /home/odoo/var/run
command = /home/odoo/bin/odoo-bin celery worker -l INFO -n default-0@%%h -c4 -Q odoo-10.0.default

[program:odoo-worker-cdr-1]
user = odoo
directory = /home/odoo/var/run
command = /home/odoo/bin/odoo-bin celery worker -l INFO -n cdr-1@%%h -c1 -Q odoo-10.0.cdr

[program:odoo-worker-notifications-2]
user = odoo
directory = /home/odoo/var/run
command = /home/odoo/bin/odoo-bin celery worker -l INFO -n notifications-2@%%h -c2 -Q odoo-10.0.notifications

[program:odoo-worker-default-notifications-3]
user = odoo
directory = /home/odoo/var/run
command = /home/odoo/bin/odoo-bin celery worker -l INFO -n default-notifications-3@%%h -c2 -Q odoo-10.0.default,odoo-10.0.notifications

[program:odoo-beat]
user = odoo
directory = /home/odoo/var/run
command = /home/odoo/bin/odoo-bin celery beat -s /home/odoo/var/celerybeat-schedule

[program:odoo-monitor]
user = odoo
directory = /home/odoo/var/run
command = /home/odoo/bin/odoo-bin celery flower
```
As you can see, all processes are running as user odoo, which has uid 1000.
My underlying docker file system is overlay2.
Can anyone tell me why I'm getting messed-up owners on files created by a non-root process?