Problem description
I just created an image using a Dockerfile, and to change the user I just used:
USER myuser
We are using a directory to store data, and we change that directory's permissions using:
chown -R myuser:myuser /data-dir
This Dockerfile is for etcd, where we want /data-dir to be used by etcd to store data. Now, we map /data-dir to an EFS volume using a Kubernetes yml file.
Using the following code:
volumeMounts:
  - name: etcdefs
    mountPath: /data-dir
volumes:
  - name: etcdefs
    persistentVolumeClaim:
      claimName: efs-etcd
After this, I expect that the mapped directory /data-dir should have permissions myuser:myuser, but it is making the directory root:root.
Can anyone suggest what I am doing wrong here?
Recommended answer
This is because of Docker. It mounts volumes with only root permission, and you can change it with chmod, but only after the container is started.
You can read more about it here: https://github.com/moby/moby/issues/2259 This issue has been here for a long time.
What you can do in Kubernetes is use fsGroup and force the volume to be writable by the GID specified. This is a working solution and is documented as well. More information here: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
Here is an example deployment:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: alpine
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: alpine
    spec:
      securityContext:
        fsGroup: 1000
      containers:
        - name: alpine
          image: alpine
          volumeMounts:
            - mountPath: /var/alpine
              name: alpine
      volumes:
        - name: alpine
          awsElasticBlockStore:
            volumeID: vol-1234567890
            fsType: ext4
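Applied to the etcd setup from the question, as an added example that is not part of the original question or answer: a Pod spec that runs etcd as a non-root user and sets fsGroup for the mounted volume. The UID/GID 1000 for myuser, both image names and the init container are assumptions; the init container is a fallback for volume types on which fsGroup is not applied.

```yaml
# Added example. Assumptions: myuser is UID/GID 1000 inside the image,
# and the etcd image reference below is a placeholder.
apiVersion: v1
kind: Pod
metadata:
  name: etcd
spec:
  securityContext:
    runAsNonRoot: true   # kubelet refuses to start a container that would run as UID 0
    runAsUser: 1000      # assumed UID of myuser
    runAsGroup: 1000     # assumed GID of myuser
    fsGroup: 1000        # group ownership applied to volumes that support ownership management
  initContainers:
    # Fallback: if the volume type behind the claim does not honor fsGroup,
    # this one-shot container fixes ownership before etcd starts.
    # It is the only container in the Pod that runs as root.
    - name: fix-data-dir-owner
      image: busybox
      command: ["chown", "-R", "1000:1000", "/data-dir"]
      securityContext:
        runAsUser: 0
        runAsNonRoot: false   # container-level setting overrides the Pod-level one
      volumeMounts:
        - name: etcdefs
          mountPath: /data-dir
  containers:
    - name: etcd
      image: example.invalid/etcd:placeholder   # placeholder image reference
      securityContext:
        allowPrivilegeEscalation: false
      volumeMounts:
        - name: etcdefs
          mountPath: /data-dir
  volumes:
    - name: etcdefs
      persistentVolumeClaim:
        claimName: efs-etcd
```

Running `ls -ldn /data-dir` inside the etcd container shows the numeric owner and group actually in effect on the mount.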