From a85ba299385d8852ecb4bbbbbd93d0d664d5809b Mon Sep 17 00:00:00 2001 From: Ashish Thakur Date: Wed, 11 Feb 2026 15:27:31 +0530 Subject: [PATCH 1/2] chore(docs): improve docs of jkube-volume-permission enricher --- .../_jkube_volume_permission.adoc | 208 +++++++++++++++++- 1 file changed, 200 insertions(+), 8 deletions(-) diff --git a/jkube-kit/doc/src/main/asciidoc/inc/enricher/volume-permission/_jkube_volume_permission.adoc b/jkube-kit/doc/src/main/asciidoc/inc/enricher/volume-permission/_jkube_volume_permission.adoc index cb8dcd7f23..c0d7b99735 100644 --- a/jkube-kit/doc/src/main/asciidoc/inc/enricher/volume-permission/_jkube_volume_permission.adoc +++ b/jkube-kit/doc/src/main/asciidoc/inc/enricher/volume-permission/_jkube_volume_permission.adoc @@ -2,7 +2,57 @@ [[jkube-volume-permission]] ==== jkube-volume-permission -Enricher which fixes the permission of persistent volume mount with the help of an init container. +Enricher which automatically adds an init container to fix permissions on persistent volume mounts. + +When your application uses PersistentVolumeClaims, this enricher detects them and adds an init container that runs `chmod` to ensure the mounted volumes have the correct permissions before your application starts. + +**Behavior:** + +* Automatically triggered when PersistentVolumeClaims are detected in your Pod specification +* Creates an init container named `jkube-volume-permission` that runs before your application containers +* Mounts all PersistentVolumeClaims and applies the specified permissions (default: `777`) + +ifeval::["{plugin-type}" == "maven"] +===== Disabling the enricher + +If you don't need automatic permission fixing, you can exclude this enricher in your `pom.xml`: + +[source,xml,indent=0,subs="verbatim,quotes,attributes"] +---- + + org.eclipse.jkube + {plugin} + + + + jkube-volume-permission + + + + +---- + +NOTE: Enricher excludes cannot be configured via Maven properties. You must use the XML configuration above. +endif::[] + +ifeval::["{plugin-type}" == "gradle"] +===== Disabling the enricher + +If you don't need automatic permission fixing, you can exclude this enricher in your `build.gradle`: + +[source,groovy,indent=0,subs="verbatim,quotes,attributes"] +---- +{task-prefix} { + enricher { + excludes = ["jkube-volume-permission"] + } +} +---- + +NOTE: Enricher excludes cannot be configured via `gradle.properties`. You must use the DSL configuration above in your `build.gradle` file. +endif::[] + +===== Configuration .Supported properties [cols="1,6,1"] @@ -10,31 +60,173 @@ Enricher which fixes the permission of persistent volume mount with the help of | Option | Description | Property | *imageName* -| Image name for PersistentVolume init container +| Image name for the init container. + + Useful when the default `quay.io/quay/busybox` is not accessible (e.g., corporate registries with restricted access). Defaults to `quay.io/quay/busybox`. | `jkube.enricher.jkube-volume-permission.imageName` | *permission* -| PersistentVolume init container access mode +| Unix permission mode to apply to mounted volumes (e.g., `755`, `777`). -Defaults to `777`. + Defaults to `777`. | `jkube.enricher.jkube-volume-permission.permission` | *cpuLimit* -| Set PersistentVolume *initContainer*'s `.resources` CPU limit +| CPU limit for the init container (e.g., `100m`, `0.5`). | `jkube.enricher.jkube-volume-permission.cpuLimit` | *memoryLimit* -| Set PersistentVolume *initContainer*'s `.resources` memory limit +| Memory limit for the init container (e.g., `64Mi`, `128Mi`). | `jkube.enricher.jkube-volume-permission.memoryLimit` | *cpuRequest* -| Set PersistentVolume *initContainer*'s `.resources` CPU request +| CPU request for the init container (e.g., `50m`, `0.1`). | `jkube.enricher.jkube-volume-permission.cpuRequest` | *memoryRequest* -| Set PersistentVolume *initContainer*'s `.resources` memory request +| Memory request for the init container (e.g., `32Mi`, `64Mi`). | `jkube.enricher.jkube-volume-permission.memoryRequest` |=== + +ifeval::["{plugin-type}" == "maven"] +===== Examples + +====== Using a custom image + +If your environment blocks access to `quay.io/quay/busybox` (e.g., corporate firewall restrictions), specify an alternative image. + +**Option 1: Plugin configuration (pom.xml)** +[source,xml,indent=0,subs="verbatim,quotes,attributes"] +---- + + org.eclipse.jkube + {plugin} + + + + + your-registry.com/busybox:latest + 755 + + + + + +---- + +**Option 2: Maven properties (pom.xml)** +[source,xml,indent=0,subs="verbatim,quotes,attributes"] +---- + + your-registry.com/busybox:latest + 755 + +---- + +**Option 3: Command line** +[source,bash,indent=0,subs="verbatim,quotes,attributes"] +---- +mvn {goal-prefix}:resource \ + -Djkube.enricher.jkube-volume-permission.imageName=your-registry.com/busybox:latest \ + -Djkube.enricher.jkube-volume-permission.permission=755 +---- + +====== Setting resource limits + +Control the resource consumption of the init container: + +**Using plugin configuration:** +[source,xml,indent=0,subs="verbatim,quotes,attributes"] +---- + + + + 100m + 64Mi + 50m + 32Mi + + + +---- + +**Using Maven properties:** +[source,xml,indent=0,subs="verbatim,quotes,attributes"] +---- + + 100m + 64Mi + +---- +endif::[] + +ifeval::["{plugin-type}" == "gradle"] +===== Examples + +====== Using a custom image + +If your environment blocks access to `quay.io/quay/busybox` (e.g., corporate firewall restrictions), specify an alternative image. + +**Option 1: Gradle DSL (build.gradle)** +[source,groovy,indent=0,subs="verbatim,quotes,attributes"] +---- +{task-prefix} { + enricher { + config { + "jkube-volume-permission" { + imageName = "your-registry.com/busybox:latest" + permission = "755" + } + } + } +} +---- + +**Option 2: Gradle properties (gradle.properties)** +[source,properties,indent=0,subs="verbatim,quotes,attributes"] +---- +jkube.enricher.jkube-volume-permission.imageName=your-registry.com/busybox:latest +jkube.enricher.jkube-volume-permission.permission=755 +---- + +**Option 3: Command line** +[source,bash,indent=0,subs="verbatim,quotes,attributes"] +---- +gradle {task-prefix}Resource \ + -Pjkube.enricher.jkube-volume-permission.imageName=your-registry.com/busybox:latest \ + -Pjkube.enricher.jkube-volume-permission.permission=755 +---- + +====== Setting resource limits + +Control the resource consumption of the init container: + +**Using Gradle DSL:** +[source,groovy,indent=0,subs="verbatim,quotes,attributes"] +---- +{task-prefix} { + enricher { + config { + "jkube-volume-permission" { + cpuLimit = "100m" + memoryLimit = "64Mi" + cpuRequest = "50m" + memoryRequest = "32Mi" + } + } + } +} +---- + +**Using gradle.properties:** +[source,properties,indent=0,subs="verbatim,quotes,attributes"] +---- +jkube.enricher.jkube-volume-permission.cpuLimit=100m +jkube.enricher.jkube-volume-permission.memoryLimit=64Mi +jkube.enricher.jkube-volume-permission.cpuRequest=50m +jkube.enricher.jkube-volume-permission.memoryRequest=32Mi +---- +endif::[] From f8ec9799eafac462a3b70de6f4cc8016167337f9 Mon Sep 17 00:00:00 2001 From: Ashish Thakur Date: Wed, 11 Feb 2026 15:31:18 +0530 Subject: [PATCH 2/2] chore(docs): updated chnagelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 95fc7eda30..5d10d1e577 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -22,6 +22,7 @@ Usage: ``` ### 1.20-SNAPSHOT +* Fix: Improve docs for jkube-volume-permission enricher ### 1.19.0 (2026-02-09) * Fix #3840: Bump helm-java to 0.0.19