PgAdmin 的 Kubernetes 持久卷挂载

Question

I'm attempting to create a persistent volume claim for my pgadmin deployment so I can persist my settings, servers, etc. when I rollout updates after each deployment from CD pipeline.我正在尝试为我的 pgadmin 部署创建一个持久卷声明，以便在每次从 CD 管道部署后推出更新时，我可以保留我的设置、服务器等。

In my logs I'm getting the following errors:在我的日志中，我收到以下错误：

...
[2020-10-05 00:54:56 +0000] [91] [INFO] Worker exiting (pid: 91)
WARNING: Failed to set ACL on the directory containing the configuration database:
           [Errno 1] Operation not permitted: '/var/lib/pgadmin'
HINT   : You may need to manually set the permissions on
         /var/lib/pgadmin to allow pgadmin to write to it.
ERROR  : Failed to create the directory /var/lib/pgadmin/sessions:
           [Errno 13] Permission denied: '/var/lib/pgadmin/sessions'
HINT   : Create the directory /var/lib/pgadmin/sessions, ensure it is writeable by
         'pgadmin', and try again, or, create a config_local.py file
         and override the SESSION_DB_PATH setting per
         https://www.pgadmin.org/docs/pgadmin4/4.26/config_py.html

Just a bunch of permission failures for writing:只是一堆写入权限失败：

PGAdmin deployment PGAdmin 部署

apiVersion: apps/v1
kind: Deployment
metadata:
  name: pgadmin
spec:
  selector:
   matchLabels:
    app: pgadmin
  replicas: 1
  template:
    metadata:
      labels:
        app: pgadmin
    spec:
      containers:
        - name: pgadmin4
          image: dpage/pgadmin4
          volumeMounts:
            - mountPath: /var/lib/pgadmin
              name: pgadminstorage
          env:
           - name: PGADMIN_DEFAULT_EMAIL
             valueFrom:
               secretKeyRef:
                 name: un
                 key: un
           - name: PGADMIN_DEFAULT_PASSWORD
             valueFrom:
               secretKeyRef:
                 name: pw 
                 key: pw
           - name: PGADMIN_PORT
             value: "80"
          ports:
            - containerPort: 80
              name: pgadminport
      volumes:
        - name: pgadminstorage
          persistentVolumeClaim:
            claimName: pgadmin-persistent-volume-claims-cfg

Volumes卷

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pgadmin-persistent-volume-claims-cfg
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi

What could I be missing here?我会在这里错过什么？

Update:更新：

This might be a problem specific to digitalocean and inability to set permissions.这可能是 digitalocean 特有的问题，并且无法设置权限。 PVC will set perms to root, but writing as pgadmin is causing issues at startup Adding this to my pgadmin deployment fixed everything PVC 会将 perms 设置为 root，但以 pgadmin 的身份写入会导致启动时出现问题将此添加到我的 pgadmin 部署中修复了所有问题

      initContainers:
        - name: pgadmin-data-permission-fix
          image: busybox
          command: ["/bin/chown", "-R", "5050:5050", "/var/lib/pgadmin"]
          volumeMounts:
          - name: pgadminstorage
            mountPath: /var/lib/pgadmin

You could probably also chmod recursive on the dir as well and also be fine.您也可以在目录上递归 chmod 并且也可以。

Answer 1

I've replicated your issue.我已经复制了你的问题。 Root cause is with PgAdmin issue, not Kubernetes.根本原因在于PgAdmin问题，而不是 Kubernetes。 Pods will be deployed without issue. Pod 将毫无问题地部署。 You will receive error as container won't be able to create folder inside folder /var/lib .您将收到错误，因为容器将无法在文件夹/var/lib内创建文件夹。 If you will check pgadmin pod logs - kubectl logs <pgadmin-pod> you will see errors like:如果您检查pgadmin pod 日志 - kubectl logs <pgadmin-pod>您将看到如下错误：

$ kubectl logs pgadmin-d569b67fd-8rnkc
WARNING: Failed to set ACL on the directory containing the configuration database:
           [Errno 1] Operation not permitted: '/var/lib/pgadmin'
HINT   : You may need to manually set the permissions on
         /var/lib/pgadmin to allow pgadmin to write to it.
ERROR  : Failed to create the directory /var/lib/pgadmin/sessions:
           [Errno 13] Permission denied: '/var/lib/pgadmin/sessions'
HINT   : Create the directory /var/lib/pgadmin/sessions, ensure it is writeable by
         'pgadmin', and try again, or, create a config_local.py file
         and override the SESSION_DB_PATH setting per
         https://www.pgadmin.org/docs/pgadmin4/4.26/config_py.html
sudo: setrlimit(RLIMIT_CORE): Operation not permitted

If you will check /var/lib/ folder permissions you will se that you can only Read and Execute , so you won't be able to create in this folder anything (as default, you will be logged as pgadmin user).如果您将检查/var/lib/文件夹权限，您将看到您只能Read和Execute ，因此您将无法在此文件夹中创建任何内容（默认情况下，您将以pgadmin用户身份登录）。

drwxr-xr-x    1 root     root          4096 Sep  5 14:01 lib

Depends on your needs you can resolve it in a few ways.根据您的需求，您可以通过几种方式解决它。 As fastest workaround you can just change path to folder which allows Write , like tmp .作为最快的解决方法，您只需更改允许Write文件夹的路径，例如tmp 。

drwxrwxrwt    1 root     root          4096 Oct  5 14:28 tmp

In YAML it would looks like:在YAML它看起来像：

  containers:
    - name: pgadmin4
      image: dpage/pgadmin4
      volumeMounts:
        - mountPath: /var/tmp/pgadmin
          name: pgadminstorage

When you will check logs, there won't be any issues.当您检查日志时，不会有任何问题。

$ kubectl logs pgadmin-6bb74cffb8-6q9tr
NOTE: Configuring authentication for SERVER mode.

sudo: setrlimit(RLIMIT_CORE): Operation not permitted
[2020-10-05 14:28:15 +0000] [1] [INFO] Starting gunicorn 19.9.0
[2020-10-05 14:28:15 +0000] [1] [INFO] Listening at: http://[::]:80 (1)
[2020-10-05 14:28:15 +0000] [1] [INFO] Using worker: threads
/usr/local/lib/python3.8/os.py:1023: RuntimeWarning: line buffering (buffering=1) isn't supported in binary mode, the default buffer size will be used
  return io.open(fd, *args, **kwargs)
[2020-10-05 14:28:15 +0000] [89] [INFO] Booting worker with pid: 89
user@cloudshell:~/pgadmin (project)$

Regarding PgAdmin permissions issue there was already a few topics on StackOverflow or Github like: OSError: [Errno 13] Permission denied: '/var/lib/pgadmin'关于PgAdmin权限问题， StackOverflow或Github上已经有一些主题，例如： OSError: [Errno 13] Permission denied: '/var/lib/pgadmin'

pgadmin exit code 3 PermissionError: [Errno 13] Permission denied: '/var/lib/pgadmin/sessions' pgadmin 退出代码 3 PermissionError：[Errno 13] 权限被拒绝：'/var/lib/pgadmin/sessions'

[stable/pgadmin] files in /var/lib/pgadmin/sessions crash the pod /var/lib/pgadmin/sessions 中的 [stable/pgadmin] 文件使 pod 崩溃

In short, you could try to manually change permissions or use specific user.简而言之，您可以尝试手动更改权限或使用特定用户。

In addition, if you are using Cloud environment, you could think about using CloudSQL , instead of trying to put database into cloud.另外，如果你使用的是 Cloud 环境，你可以考虑使用CloudSQL ，而不是试图将数据库放入云端。 For example PostgreSQL with GKE例如PostgreSQL with GKE

EDIT编辑

As per @Ryan comment below this answer, you can also use Init Containers to change /var/lib/ permissions.根据此答案下方的@Ryan 评论，您还可以使用Init Containers更改/var/lib/权限。 Each init container must complete successfully before the next one starts and it runs before app containers in a pod .每个init container必须在下一个启动之前成功完成，并且它在pod应用程序容器之前运行。

specialized containers that run before app containers in a Pod.在 Pod 中的应用程序容器之前运行的专用容器。 Init containers can contain utilities or setup scripts not present in an app image. Init 容器可以包含应用程序映像中不存在的实用程序或设置脚本。

PgAdmin 的 Kubernetes 持久卷挂载

问题描述

PGAdmin deployment PGAdmin 部署

Volumes卷

Update:更新：

1 个解决方案

解决方案1
4 已采纳 2020-10-05 14:48:04

PgAdmin 的 Kubernetes 持久卷挂载

问题描述

PGAdmin deployment PGAdmin 部署

Volumes卷

Update:更新：

1 个解决方案

解决方案1 4 已采纳 2020-10-05 14:48:04

解决方案1
4 已采纳 2020-10-05 14:48:04