如何将容器卷(非root用户)装载到Kubernetes中主机上的root用户?

如何将容器卷(非root用户)装载到Kubernetes中主机上的root用户?,kubernetes,Kubernetes,当我尝试将应用程序日志卷从容器装载到主机时 获取错误:不允许操作 spec: securityContext: runAsUser: 1000 runAsGroup: 3000 fsGroup: 2000 initContainers: - name: volume-mount-permission image: xx.xx.xx.xx/orchestration/credit-card command: - sh - -c

当我尝试将应用程序日志卷从容器装载到主机时 获取错误:不允许操作

spec:
  securityContext:
    runAsUser: 1000
    runAsGroup: 3000
    fsGroup: 2000
  initContainers:
  - name: volume-mount-permission
    image: xx.xx.xx.xx/orchestration/credit-card
    command:
    - sh
    - -c
    - chown -R 1000:1000 /opt/payara/appserver/glassfish/logs/credit-card
    - chgrp 1000 /opt/payara/appserver/glassfish/logs/credit-card
    volumeMounts:
    - name: card-corp-logs
      mountPath: /opt/payara/appserver/glassfish/logs/credit-card
      readOnly: false

  containers:
  - name: credit-card
    image: xx.xx.xx.xx/orchestration/credit-card
    imagePullPolicy: Always
    securityContext:
      privileged: true
      runAsUser: 1000
    ports:
    - name: credit-card
      containerPort: 8080
    readinessProbe:
      httpGet:
         path: /
         port: 8080
      initialDelaySeconds: 10
      periodSeconds: 5
      successThreshold: 1
    volumeMounts:
    - name: override-setting-storage
      mountPath: /p/config
    - name: credit-card-teamsite
      mountPath: /var/credit-card/teamsite/card_corp
容器路径-/opt/payara/appserver/glassfish/logs/credit-card-to-hostPath

有谁能帮我找出我在部署yml文件时犯的错误吗

  securityContext:
    runAsUser: 1000
    runAsGroup: 3000
表示您不能
chown 1000:1000
,因为该用户不是组的成员

您可能希望将该
initContainer:
作为
runAsUser:0
运行,以便允许它执行任意
chown
操作


您还截断了YAML,该YAML将指定由
volumeMounts:
装载的
卷:
——您有可能试图装载一个卷类型,而不管您的
readOnly:false
声明如何,该卷类型都无法修改
ConfigMap
Secret
、Downdown API和其他一些也不会响应变异请求,即使
root

您的
initContainer:command:
格式也不正确;只有
chown-R
将执行;它下面的
chgrp
行将作为第一个参数传递到shell中,并且不会执行;您可以通过运行它正在运行的内容来确认这一点:
sh-c“echo hello”“echo world”