如何将容器卷(非root用户)装载到Kubernetes中主机上的root用户?
当我尝试将应用程序日志卷从容器装载到主机时 获取错误:不允许操作如何将容器卷(非root用户)装载到Kubernetes中主机上的root用户?,kubernetes,Kubernetes,当我尝试将应用程序日志卷从容器装载到主机时 获取错误:不允许操作 spec: securityContext: runAsUser: 1000 runAsGroup: 3000 fsGroup: 2000 initContainers: - name: volume-mount-permission image: xx.xx.xx.xx/orchestration/credit-card command: - sh - -c
spec:
securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
initContainers:
- name: volume-mount-permission
image: xx.xx.xx.xx/orchestration/credit-card
command:
- sh
- -c
- chown -R 1000:1000 /opt/payara/appserver/glassfish/logs/credit-card
- chgrp 1000 /opt/payara/appserver/glassfish/logs/credit-card
volumeMounts:
- name: card-corp-logs
mountPath: /opt/payara/appserver/glassfish/logs/credit-card
readOnly: false
containers:
- name: credit-card
image: xx.xx.xx.xx/orchestration/credit-card
imagePullPolicy: Always
securityContext:
privileged: true
runAsUser: 1000
ports:
- name: credit-card
containerPort: 8080
readinessProbe:
httpGet:
path: /
port: 8080
initialDelaySeconds: 10
periodSeconds: 5
successThreshold: 1
volumeMounts:
- name: override-setting-storage
mountPath: /p/config
- name: credit-card-teamsite
mountPath: /var/credit-card/teamsite/card_corp
容器路径-/opt/payara/appserver/glassfish/logs/credit-card-to-hostPath
有谁能帮我找出我在部署yml文件时犯的错误吗
securityContext:
runAsUser: 1000
runAsGroup: 3000
表示您不能chown 1000:1000
,因为该用户不是组的成员
您可能希望将该initContainer:
作为runAsUser:0
运行,以便允许它执行任意chown
操作
您还截断了YAML,该YAML将指定由
volumeMounts:
装载的卷:
——您有可能试图装载一个卷类型,而不管您的readOnly:false
声明如何,该卷类型都无法修改ConfigMap
、Secret
、Downdown API和其他一些也不会响应变异请求,即使root
您的initContainer:command:
格式也不正确;只有chown-R
将执行;它下面的chgrp
行将作为第一个参数传递到shell中,并且不会执行;您可以通过运行它正在运行的内容来确认这一点:sh-c“echo hello”“echo world”