使用kubernetes和Logstash的权限被拒绝错误
我使用Logstash侧车来监视部署中的日志文件。我打算使用configmap将我自己的logstash.yml传递到logstash侧车。我的第一个实现如下使用kubernetes和Logstash的权限被拒绝错误,kubernetes,logstash,Kubernetes,Logstash,我使用Logstash侧车来监视部署中的日志文件。我打算使用configmap将我自己的logstash.yml传递到logstash侧车。我的第一个实现如下 - name: logstash-sidecar image: docker.elastic.co/logstash/logstash:7.2.0 volumeMounts: - name: shared-plugins-logstash mountPath: /usr/share/logs
- name: logstash-sidecar
image: docker.elastic.co/logstash/logstash:7.2.0
volumeMounts:
- name: shared-plugins-logstash
mountPath: /usr/share/logstash/plugins/
- name: logstash-yaml
readOnly: true
mountPath: /usr/share/logstash/config/logstash.yml
subPath: logstash.yml
- name: logstash-conf
mountPath: /usr/share/logstash/pipeline/logstash.conf
subPath: logstash.conf
- name: shared-logs
mountpath: var/logs/logstash
volumes:
- name: shared-plugins-logstash
emptyDir: {}
- name: logstash-yaml
configMap:
name: logstash-yaml
- name: logstash-conf
configMap:
name: logstash-conf
其卷数如下:
- name: logstash-sidecar
image: docker.elastic.co/logstash/logstash:7.2.0
volumeMounts:
- name: shared-plugins-logstash
mountPath: /usr/share/logstash/plugins/
- name: logstash-yaml
readOnly: true
mountPath: /usr/share/logstash/config/logstash.yml
subPath: logstash.yml
- name: logstash-conf
mountPath: /usr/share/logstash/pipeline/logstash.conf
subPath: logstash.conf
- name: shared-logs
mountpath: var/logs/logstash
volumes:
- name: shared-plugins-logstash
emptyDir: {}
- name: logstash-yaml
configMap:
name: logstash-yaml
- name: logstash-conf
configMap:
name: logstash-conf
logstash yaml配置映射
apiVersion: v1
kind: ConfigMap
metadata:
name: logstash-yaml
data:
logstash.yml: |
http.host: "0.0.0.0"
path.config: /usr/share/logstash/pipeline
log.level: debug
path.logs: /var/logs/logstash
这将生成一个错误,说明/usr/share/logstash/config/是只读文件系统
我研究了这个问题,也看到了下面的解决方案
第二种解决方案产生了一个新的错误,即
权限被拒绝无法打开/usr/share/logstash/config/logstash.yml
将容器的安全上下文设置为2000也无助于运行容器
对此,我们将不胜感激。我也尝试了默认模式,但也没有成功。您是否检查了logstash容器中对此文件夹的权限(
/usr/share/logstash/config/
)?容器经常在我看到它之前崩溃。但我尝试将configmap卷装载到busybox容器上,结果表明它归root所有。因此,我假设在logstash场景中仍然会出现这种情况。您可以共享logstash sidecar部署吗?我也尝试了默认模式,但这种模式也不起作用。您是否检查了logstash容器中此文件夹的权限(/usr/share/logstash/config/
)?容器经常在我看到它之前崩溃。但我尝试将configmap卷装载到busybox容器上,结果表明它归root所有。因此,我假设在logstash场景中仍然是这样,您可以共享logstash侧车部署吗?