Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/scala/17.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Kubernetes 具有特定用户权限的Azure磁盘的永久卷声明_Kubernetes_Persistent Volumes_Azure Aks_Persistent Volume Claims - Fatal编程技术网
Fatal编程技术网
  • kubernetes/
  • Kubernetes 具有特定用户权限的Azure磁盘的永久卷声明

Kubernetes 具有特定用户权限的Azure磁盘的永久卷声明

kubernetes

Kubernetes 具有特定用户权限的Azure磁盘的永久卷声明,kubernetes,persistent-volumes,azure-aks,persistent-volume-claims,Kubernetes,Persistent Volumes,Azure Aks,Persistent Volume Claims,我正在尝试创建一个动态Azure磁盘卷,以便在具有特定权限要求的pod中使用 容器,因此我需要找到一种方法来装载(至少)该用户具有rw权限的卷 定义了以下StorageClass apiVersion: storage.k8s.io/v1 kind: StorageClass provisioner: kubernetes.io/azure-disk reclaimPolicy: Delete volumeBindingMode: Immediate metadata: name: foo-

我正在尝试创建一个动态Azure磁盘卷,以便在具有特定权限要求的pod中使用

容器,因此我需要找到一种方法来装载(至少)该用户具有rw权限的卷

定义了以下
StorageClass

apiVersion: storage.k8s.io/v1
kind: StorageClass
provisioner: kubernetes.io/azure-disk
reclaimPolicy: Delete
volumeBindingMode: Immediate
metadata:
  name: foo-storage
mountOptions:
  - rw
parameters:
  cachingmode: None
  kind: Managed
  storageaccounttype: Standard_LRS
还有这个PVC

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: foo-storage
  namespace: foo
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: foo-storage
  resources:
    requests:
      storage: 1Gi
我可以在pod中运行以下操作:

containers:
  - image: ubuntu
    name: foo
    imagePullPolicy: IfNotPresent
    command:
      - ls
      - -l
      - /var/lib/foo
    volumeMounts:
      - name: foo-persistent-storage
        mountPath: /var/lib/foo
volumes:
  - name: foo-persistent-storage
    persistentVolumeClaim:
      claimName: foo-storage
pod将正确安装和启动,但kubectl日志将显示

total 24
drwxr-xr-x 3 root root  4096 Nov 23 11:42 .
drwxr-xr-x 1 root root  4096 Nov 13 12:32 ..
drwx------ 2 root root 16384 Nov 23 11:42 lost+found
i、 e.当前目录由
root
所有,对所有其他用户为只读

我曾尝试将
mountOptions
部分添加到
StorageClass
,但无论我尝试什么(
uid=472
user=472
等),启动时都会出现装载错误,例如

mounting arguments: --description=Kubernetes transient mount for /var/lib/kubelet/plugins/kubernetes.io/azure-disk/mounts/m1019941199 --scope -- mount -t ext4 -o group=472,rw,user=472,defaults /dev/disk/azure/scsi1/lun0 /var/lib/kubelet/plugins/kubernetes.io/azure-disk/mounts/m1019941199
Output: Running scope as unit run-r7165038756bf43e49db934e8968cca8b.scope.
mount: wrong fs type, bad option, bad superblock on /dev/sdc,
       missing codepage or helper program, or other error

       In some cases useful info is found in syslog - try
       dmesg | tail or so.
我也试着从中获取一些信息,但我没有找到任何有效的方法

如何配置此存储类、持久卷声明和卷装载,以便运行容器进程的非根用户能够访问装载路径中的写入(和创建子目录)?您需要定义pod规范的
securityContext
,如下所示:,因此它与新运行的用户和组id匹配:

securityContext:
  runAsUser: 472
  fsGroup: 472
稳定的格拉法纳头盔图表也以同样的方式进行。请参阅此处配置下的
securityContext

GKE在添加-uid=2000-gid=3000时抛出类似错误。fs类型错误、选项错误、/dev/sdb上的超级块错误、缺少代码页或帮助程序或其他错误