问题描述
我正在创建一个Kubernetes PVC和一个使用它的Deploy.
I'm creating a Kubernetes PVC and a Deploy that uses it.
在yaml中,指定uid和gid必须为1000.
In the yaml it is specified that uid and gid must be 1000.
但是在部署时,该卷使用不同的ID挂载,因此我对此没有写访问权限.
But when deployed the volume is mounted with different IDs so I have no write access on it.
如何为PVC有效地指定uid和gid?
How can I specify effectively uid and gid for a PVC?
PVC yaml:
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: jmdlcbdata
annotations:
pv.beta.kubernetes.io/gid: "1000"
volume.beta.kubernetes.io/mount-options: "uid=1000,gid=1000"
volume.beta.kubernetes.io/storage-class: default
spec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: "2Gi"
storageClassName: "default"
部署Yaml:
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
creationTimestamp: null
name: jmdlcbempty
namespace: default
spec:
replicas: 1
strategy:
type: Recreate
template:
metadata:
creationTimestamp: null
labels:
name: jmdlcbempty
spec:
securityContext:
runAsUser: 1000
fsGroup: 1000
volumes:
- name: jmdlcbdata
persistentVolumeClaim:
claimName: jmdlcbdata
containers:
- name: myalpine
image: "alpine"
command:
- /bin/sh
- "-c"
- "sleep 60m"
imagePullPolicy: IfNotPresent
volumeMounts:
- mountPath: /usr/share/logstash/data
name: jmdlcbdata
这是目录列表:
$ kubectl get pvc; kubectl get pods;
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
jmdlcbdata Bound pvc-6dfcdb29-8a0a-11e8-938b-1a5d4ff12be9 20Gi RWO default 2m
NAME READY STATUS RESTARTS AGE
jmdlcbempty-68cd675757-q4mll 1/1 Running 0 6s
$ kubectl exec -it jmdlcbempty-68cd675757-q4mll -- ls -ltr /usr/share/logstash/
total 4
drwxr-xr-x 2 nobody 42949672 4096 Jul 17 21:44 data
我正在研究IBM的Bluemix集群.
I'm working on a IBM's Bluemix cluster.
谢谢.
推荐答案
您可以使用initContainer设置卷装载路径的UID/GID权限.
You can use an initContainer to set the UID/GID permissions for the volume mount path.
默认情况下看到的UID/GID是由于在NFS上启用了根南瓜.
The UID/GID that you see by default is due to root squash being enabled on NFS.
步骤: https://console.bluemix.net/docs/containers /cs_troubleshoot_storage.html#nonroot
这篇关于Kubernetes持久卷声明安装了错误的gid的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!