Defining the defaultMode in a Kubernetes volume field within a deployment element can become quite tricky.
It expects three decimals, corresponding to the binary UNIX permissions.
As an example, to mount the ConfigMap with permissions r------, you'd need to specify 256.
apiVersion: apps/v1
kind: Deployment
metadata:
name: foo
namespace: foo
spec:
replicas: 1
selector:
matchLabels:
app: foo
template:
metadata:
labels:
app: foo
spec:
containers:
- image: php-fpm:latest
volumeMounts:
- name: phpini
mountPath: /usr/local/etc/php/conf.d/99-settings.ini
readOnly: true
subPath: 99-settings.ini
volumes:
- configMap:
defaultMode: 256
name: phpini-configmap
optional: false
name: phpini
---
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app: foo
namespace: foo
name: phpini-configmap
data:
99-settings.ini: |
; Enable Zend OPcache extension module
zend_extension = opcache
Use the following table:
| unix octal | unix readable | binary equivalent | decimal |
|---|---|---|---|
| 0400 | r-------- | 100000000 | 256 |
| 0440 | r--r----- | 100100000 | 288 |
| 0444 | r--r--r-- | 100100100 | 292 |
| 0600 | rw------- | 110000000 | 384 |
| 0640 | rw-r----- | 110100000 | 416 |
| 0660 | rw-rw---- | 110110000 | 432 |
| 0664 | rw-rw-r-- | 110110100 | 436 |
| 0666 | rw-rw-rw- | 110110110 | 438 |
| 0700 | rwx------ | 111000000 | 448 |
| 0770 | rwxrwx--- | 111111000 | 504 |
| 0777 | rwxrwxrwx | 111111111 | 511 |
A more direct way to do this is to use a base8 to base10 converter like this one
Help from Kubernetes docs
defaultModeis optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, likefsGroup, and the result can be other mode bits set.