[英]Kubernetes on azure
I'm using Kubernetes on azure and my architecture is attached as image.我在 azure 上使用 Kubernetes 并且我的架构作为图像附加。
I could create a persistent volume using azure files and i attached it to my pods using persistent volume claim.我可以使用 azure 文件创建一个持久卷,并使用持久卷声明将它附加到我的 pod。
My problem is:我的问题是:
As you can see on the image there is files and directories on the azure files and i need to set special permissions on theses files/directories正如您在图像上看到的,azure 文件上有文件和目录,我需要对这些文件/目录设置特殊权限
for example例如
I asked about this feature and it's not implemented on azure files.我询问了这个特性,它没有在 azure 文件上实现。 Can you suggest any other solution?
你能建议任何其他解决方案吗?
Thank you in advance.先感谢您。
Regards,问候,
Hajjim哈吉姆
You can use kubernetes security context to configure access to your mounts.您可以使用 kubernetes 安全上下文来配置对安装的访问。 Check this linkhttps://kubernetes.io/docs/tasks/configure-pod-container/security-context/
检查此链接https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
Quoting the docs:引用文档:
Since fsGroup field is specified, all processes of the container are also part of the supplementary group ID 2000. The owner for volume /data/demo and any files created in that volume will be Group ID 2000.由于指定了 fsGroup 字段,容器的所有进程也是补充组 ID 2000 的一部分。卷 /data/demo 的所有者以及在该卷中创建的任何文件都将是组 ID 2000。
apiVersion: v1
kind: Pod
metadata:
name: security-context-demo
spec:
securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
volumes:
- name: sec-ctx-vol
emptyDir: {}
containers:
- name: sec-ctx-demo
image: busybox
command: [ "sh", "-c", "sleep 1h" ]
volumeMounts:
- name: sec-ctx-vol
mountPath: /data/demo
securityContext:
allowPrivilegeEscalation: false
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.