问题描述

我正在创建一个Kubernetes PVC和一个使用它的Deploy.

I'm creating a Kubernetes PVC and a Deploy that uses it.

在yaml中，指定uid和gid必须为1000.

In the yaml it is specified that uid and gid must be 1000.

但是在部署时，该卷使用不同的ID挂载，因此我对此没有写访问权限.

But when deployed the volume is mounted with different IDs so I have no write access on it.

如何为PVC有效地指定uid和gid?

How can I specify effectively uid and gid for a PVC?

PVC yaml:

---

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: jmdlcbdata
  annotations:
    pv.beta.kubernetes.io/gid: "1000"
    volume.beta.kubernetes.io/mount-options: "uid=1000,gid=1000"
    volume.beta.kubernetes.io/storage-class: default
spec:
  accessModes:
    - "ReadWriteOnce"
  resources:
    requests:
      storage: "2Gi"
  storageClassName: "default"

部署Yaml:

---

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  creationTimestamp: null
  name: jmdlcbempty
  namespace: default
spec:
  replicas: 1
  strategy:
    type: Recreate
  template:
    metadata:
      creationTimestamp: null
      labels:
        name: jmdlcbempty
    spec:
      securityContext:
        runAsUser: 1000
        fsGroup: 1000
      volumes:
        - name: jmdlcbdata
          persistentVolumeClaim:
            claimName: jmdlcbdata
      containers:
        - name: myalpine
          image: "alpine"
          command:
            - /bin/sh
            - "-c"
            - "sleep 60m"
          imagePullPolicy: IfNotPresent


          volumeMounts:
            - mountPath: /usr/share/logstash/data
              name: jmdlcbdata

这是目录列表:

$ kubectl get pvc; kubectl get pods;
NAME         STATUS    VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
jmdlcbdata   Bound     pvc-6dfcdb29-8a0a-11e8-938b-1a5d4ff12be9   20Gi       RWO            default        2m
NAME                           READY     STATUS    RESTARTS   AGE
jmdlcbempty-68cd675757-q4mll   1/1       Running   0          6s
$ kubectl exec -it jmdlcbempty-68cd675757-q4mll -- ls -ltr /usr/share/logstash/
total 4
drwxr-xr-x    2 nobody   42949672      4096 Jul 17 21:44 data

我正在研究IBM的Bluemix集群.

I'm working on a IBM's Bluemix cluster.

谢谢.

推荐答案

您可以使用initContainer设置卷装载路径的UID/GID权限.

You can use an initContainer to set the UID/GID permissions for the volume mount path.

默认情况下看到的UID/GID是由于在NFS上启用了根南瓜.

The UID/GID that you see by default is due to root squash being enabled on NFS.

步骤: https://console.bluemix.net/docs/containers /cs_troubleshoot_storage.html#nonroot

这篇关于Kubernetes持久卷声明安装了错误的gid的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！