问题描述

我有一个具有以下配置的容器:

I have a container with the following configuration:

spec:
  template:
    spec:
      restartPolicy: OnFailure
      volumes:
        - name: local-src
          hostPath:
            path: /src/analysis/src
           type: DirectoryOrCreate
      containers:
          securityContext:
            privileged: true
            capabilities:
              add:
                - SYS_ADMIN

• 请注意，我故意省略了一些其他配置参数，以使问题简短一些

但是，当我将其部署到gcloud上的kubernetes上的群集中时，看到以下错误:

However, when I deploy it to my cluster on kubernetes on gcloud, I see the following error:

Error: failed to start container "market-state": Error response from daemon: error while creating mount source path '/src/analysis/src': mkdir /src: read-only file system

我尝试使用minikube在本地部署完全相同的作业，并且效果很好.

I have tried deploying the exact same job locally with minikube and it works fine.

我的猜测是，这与相对于主机的pod的权限有关，但是在我设置的SYS_ADMIN权限下，我希望它可以正常工作.创建群集时，出于其他原因，我给它提供了devstorage.read_write范围，但想知道是否还需要其他范围?

My guess is that this has to do with the pod's permissions relative to the host, but I expected it to work given the SYS_ADMIN permissions that I'm setting. When creating my cluster, I gave it a devstorage.read_write scope for other reason, but am wondering if there are other scopes I need as well?

gcloud container clusters create my_cluster \
    --zone us-west1-a \
    --node-locations us-west1-a \
    --scopes=https://www.googleapis.com/auth/devstorage.read_write

DirectoryOrCreate

DirectoryOrCreate

推荐答案

IIUC，如果您的集群使用的是容器优化的VM，则需要了解这些实例的文件系统结构.

IIUC, if your cluster is using Container-Optimized VMs, you'll need to be aware of the structure of the file system for these instances.

请参见 https://cloud.google. com/container-optimized-os/docs/concepts/disks-and-filesystem

这篇关于Google Kubernetes Engine(GKE)群集由于“只读文件系统"而在创建安装源路径时出错.的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！