Kubernetes persistent volume mount for PgAdmin
I'm attempting to create a persistent volume claim for my pgadmin deployment so I can persist my settings, servers, etc. when I roll out updates after each deployment from the CD pipeline.
In my logs I'm getting the following errors:
...
[2020-10-05 00:54:56 +0000] [91] [INFO] Worker exiting (pid: 91)
WARNING: Failed to set ACL on the directory containing the configuration database:
[Errno 1] Operation not permitted: '/var/lib/pgadmin'
HINT : You may need to manually set the permissions on
/var/lib/pgadmin to allow pgadmin to write to it.
ERROR : Failed to create the directory /var/lib/pgadmin/sessions:
[Errno 13] Permission denied: '/var/lib/pgadmin/sessions'
HINT : Create the directory /var/lib/pgadmin/sessions, ensure it is writeable by
'pgadmin', and try again, or, create a config_local.py file
and override the SESSION_DB_PATH setting per
https://www.pgadmin.org/docs/pgadmin4/4.26/config_py.html
Just a bunch of permission failures for writing:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: pgadmin
spec:
  selector:
    matchLabels:
      app: pgadmin
  replicas: 1
  template:
    metadata:
      labels:
        app: pgadmin
    spec:
      containers:
        - name: pgadmin4
          image: dpage/pgadmin4
          volumeMounts:
            - mountPath: /var/lib/pgadmin
              name: pgadminstorage
          env:
            - name: PGADMIN_DEFAULT_EMAIL
              valueFrom:
                secretKeyRef:
                  name: un
                  key: un
            - name: PGADMIN_DEFAULT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: pw
                  key: pw
            - name: PGADMIN_PORT
              value: "80"
          ports:
            - containerPort: 80
              name: pgadminport
      volumes:
        - name: pgadminstorage
          persistentVolumeClaim:
            claimName: pgadmin-persistent-volume-claims-cfg
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pgadmin-persistent-volume-claims-cfg
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi

What could I be missing here?
This might be a problem specific to DigitalOcean and inability to set permissions. PVC will set perms to root, but writing as pgadmin is causing issues at startup. Adding this to my pgadmin deployment fixed everything:

initContainers:
  - name: pgadmin-data-permission-fix
    image: busybox
    command: ["/bin/chown", "-R", "5050:5050", "/var/lib/pgadmin"]
    volumeMounts:
      - name: pgadminstorage
        mountPath: /var/lib/pgadmin

You could probably also chmod recursive on the dir as well and also be fine.
I've replicated your issue. The root cause is a PgAdmin issue, not Kubernetes. Pods will be deployed without issue. You will receive an error as the container won't be able to create a folder inside the folder /var/lib. If you check the pgadmin pod logs (kubectl logs <pgadmin-pod>) you will see errors like:
$ kubectl logs pgadmin-d569b67fd-8rnkc
WARNING: Failed to set ACL on the directory containing the configuration database:
[Errno 1] Operation not permitted: '/var/lib/pgadmin'
HINT : You may need to manually set the permissions on
/var/lib/pgadmin to allow pgadmin to write to it.
ERROR : Failed to create the directory /var/lib/pgadmin/sessions:
[Errno 13] Permission denied: '/var/lib/pgadmin/sessions'
HINT : Create the directory /var/lib/pgadmin/sessions, ensure it is writeable by
'pgadmin', and try again, or, create a config_local.py file
and override the SESSION_DB_PATH setting per
https://www.pgadmin.org/docs/pgadmin4/4.26/config_py.html
sudo: setrlimit(RLIMIT_CORE): Operation not permitted
If you check the /var/lib/ folder permissions you will see that you can only Read and Execute, so you won't be able to create anything in this folder (by default, you will be logged in as the pgadmin user).
drwxr-xr-x 1 root root 4096 Sep 5 14:01 lib
Depending on your needs, you can resolve it in a few ways. As the fastest workaround you can just change the path to a folder which allows Write, like tmp.
drwxrwxrwt 1 root root 4096 Oct 5 14:28 tmp
In YAML it would look like:

containers:
  - name: pgadmin4
    image: dpage/pgadmin4
    volumeMounts:
      - mountPath: /var/tmp/pgadmin
        name: pgadminstorage

When you check the logs, there won't be any issues.
$ kubectl logs pgadmin-6bb74cffb8-6q9tr
NOTE: Configuring authentication for SERVER mode.
sudo: setrlimit(RLIMIT_CORE): Operation not permitted
[2020-10-05 14:28:15 +0000] [1] [INFO] Starting gunicorn 19.9.0
[2020-10-05 14:28:15 +0000] [1] [INFO] Listening at: http://[::]:80 (1)
[2020-10-05 14:28:15 +0000] [1] [INFO] Using worker: threads
/usr/local/lib/python3.8/os.py:1023: RuntimeWarning: line buffering (buffering=1) isn't supported in binary mode, the default buffer size will be used
return io.open(fd, *args, **kwargs)
[2020-10-05 14:28:15 +0000] [89] [INFO] Booting worker with pid: 89
user@cloudshell:~/pgadmin (project)$
Regarding the PgAdmin permissions issue, there were already a few topics on StackOverflow or Github, like:
OSError: [Errno 13] Permission denied: '/var/lib/pgadmin'
pgadmin exit code 3 PermissionError: [Errno 13] Permission denied: '/var/lib/pgadmin/sessions'
[stable/pgadmin] files in /var/lib/pgadmin/sessions crash the pod
In short, you could try to manually change permissions or use a specific user.
In addition, if you are using a Cloud environment, you could think about using CloudSQL, instead of trying to put the database into the cloud. For example PostgreSQL with GKE
EDIT
As per @Ryan's comment below this answer, you can also use Init Containers to change /var/lib/ permissions. Each init container must complete successfully before the next one starts and it runs before app containers in a pod.
specialized containers that run before app containers in a Pod. Init containers can contain utilities or setup scripts not present in an app image.
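An added example, not part of either answer above: the question's Deployment with a pod-level securityContext.fsGroup, which lets the pgadmin user write to the mounted volume without a root init container or a move to a world-writable directory. It assumes the volume driver behind the PVC supports fsGroup ownership changes and that 5050 (the ID used in the chown above) is the pgadmin group in the image.

```yaml
# Added example: the question's Deployment plus a pod-level securityContext.
# Assumption: GID 5050 is the pgadmin group (taken from the chown in the answer above).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: pgadmin
spec:
  selector:
    matchLabels:
      app: pgadmin
  replicas: 1
  template:
    metadata:
      labels:
        app: pgadmin
    spec:
      securityContext:
        # At mount time the kubelet sets the volume's group to 5050, makes it
        # group-writable, and adds 5050 to the container's supplemental groups.
        fsGroup: 5050
        # Skip the recursive ownership walk when the volume root already matches;
        # only honoured by volume types that support fsGroup ownership management.
        fsGroupChangePolicy: OnRootMismatch
      containers:
        - name: pgadmin4
          image: dpage/pgadmin4
          volumeMounts:
            - mountPath: /var/lib/pgadmin   # original path, no /var/tmp workaround
              name: pgadminstorage
          env:
            - name: PGADMIN_DEFAULT_EMAIL
              valueFrom:
                secretKeyRef: {name: un, key: un}
            - name: PGADMIN_DEFAULT_PASSWORD
              valueFrom:
                secretKeyRef: {name: pw, key: pw}
            - name: PGADMIN_PORT
              value: "80"
          ports:
            - containerPort: 80
              name: pgadminport
      volumes:
        - name: pgadminstorage
          persistentVolumeClaim:
            claimName: pgadmin-persistent-volume-claims-cfg
```

If the storage driver ignores fsGroup, the volume stays root-owned and the init container from the first answer remains the fallback.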
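Notice: technical posts on this site follow the CC BY-SA 4.0 license. If you need to repost, please cite this site's URL or the original address. For any questions contact: yoyou2525@163.com.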