使用 OpenShift 进行卷挂载的写入权限
[英]Write permissions on volume mount with OpenShift
问题描述
Using OpenShift 3.11, I've mounted an nfs persistent volume, but the application cannot copy into the new volume, saying:
使用 OpenShift 3.11,我安装了一个 nfs 持久卷,但应用程序无法复制到新卷中,说:
oc logs my-project-77858bc694-6kbm6
cp: cannot create regular file '/config/dbdata/resdb.lock.db': Permission denied
...
I've tried to change the ownership of the folder by doing a chown in an InitContainers, but it tells me the operation not permitted.我试图通过在 InitContainers 中执行 chown 来更改文件夹的所有权,但它告诉我该操作不允许。
initContainers:
- name: chowner
image: alpine:latest
command: ["/bin/sh", "-c"]
args:
- ls -alt /config/dbdata; chown 1001:1001 /config/dbdata;
volumeMounts:
- name: my-volume
mountPath: /config/dbdata/
oc logs my-project-77858bc694-6kbm6 -c chowner
total 12
drwxr-xr-x 3 root root 4096 Nov 7 03:06 ..
drwxr-xr-x 2 99 99 4096 Nov 7 02:26 .
chown: /config/dbdata: Operation not permitted
I expect to be able to write to the mounted volume.我希望能够写入已安装的卷。
1 个解决方案
解决方案1
0 已采纳 2019-11-07 14:50:02
You can give your Pods permission to write into a volume by using fsGroup: GROUP_ID in a Security Context.您可以通过在安全上下文中使用fsGroup: GROUP_ID来授予 Pod 写入卷的权限。 fsGroup makes your volumes writable by GROUP_ID and makes all processes inside your container part of that group. fsGroup使您的卷可按 GROUP_ID 写入,并使容器内的所有进程成为该组的一部分。
For example:例如:
apiVersion: v1
kind: Pod
metadata:
name: POD_NAME
spec:
securityContext:
fsGroup: GROUP_ID
...
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.