Hi. I'm trying to get my head around NFS permissions for the external nfs storage class. We've set up the nfs-subdir-external-provisioner and have an NFS server set up and all that good stuff. I can deploy a workload and request a PV to be created and that works.
What I'm wondering about is permission handling. Say we have an NFS server that we want to have available to users on Linux systems direct via NFS where people can put files in their PVCs, yet still have it functional in K8s. It seems like when the provisioner creates a volume, it's owned by 'nfsnobody' on our server, with 777 permissions on it. Meaning anyone who can access our nfs server can theoretically access any PVC inside of it.
What I'd like ideally is that the user that's submitting a workload 'own' the NFS directory where the PVC resides. Has anyone done anything like this or dealt with closing down NFS permissions for this?