[英]Kubernetes - setting custom permissions/file ownership per volume (and not per pod)
Is there any way to set per-volume permissions/ownership in Kubernetes declaratively?有没有办法在 Kubernetes 中以声明方式设置每个卷的权限/所有权?
Usecase:用例:
sudo
sudo
We know that we can use fsGroup
, however that is a pod-level declaration.我们知道我们可以使用
fsGroup
,但这是一个 pod 级别的声明。 So even if we pick fsGroup equal to user in first container, then we are going to have permission issues in the other one.所以即使我们在第一个容器中选择 fsGroup 等于用户,那么我们也会在另一个容器中遇到权限问题。 (ref: Kubernetes: how to set VolumeMount user group and file permissions )
(参考: Kubernetes:如何设置 VolumeMount 用户组和文件权限)
One solution is to use init-container to change permissions of mounted directories .一种解决方案是使用 init-container 更改挂载目录的权限。
The init-container would need to mount both volumes (from both containers), and do the needed chown
/ chmod
operations. init-container 需要挂载两个卷(从两个容器),并执行所需的
chown
/ chmod
操作。
Drawbacks:缺点:
chown
chown
It can be done with adding one init container with root access.可以通过添加一个具有 root 访问权限的 init 容器来完成。
initContainers:
- name: changeowner
image: busybox
command: ["sh", "-c", "chown -R 200:200 /<volume>"]
volumeMounts:
- name: <your volume>
mountPath: /<volume>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.