It looks like the Consul data files are created using 600 permissions. Is there a capability to specify an alternative file permission (e.g. 660)?
The context for my question is the desire to use Kubernetes runAsUser to start Consul with the data files on a persistent volume.
We’d like to be able to change the runAsUser without encountering “permission denied” errors due to file permissions on a system whose securityContext is not privileged and does not allow privilege escalation.
    securityContext:
      allowPrivilegeEscalation: false
      privileged: false
We tried recreating this scenario locally using the consul-helm template and updating the podSpec on the StatefulSet for the Consul Server. We experimented with changing the fsGroup/runAsUser/runAsGroup but were unable to reproduce a scenario where we ran into a “permission denied” situation on the consul data files.
Could you provide us with a config or reproduction steps so that we could recreate this scenario locally and understand it further?