[英]cron not running in a docker container with no capabilities
I have a docker container, in which I'm running the following cron job:我有一个 docker 容器,我在其中运行以下 cron 作业:
SHELL=/bin/bash
BASH_ENV=/container.env
*/1 * * * * find ${CLONE_DIR} -mmin +10 -exec rm -fr {} >> /var/log/cronjob.log 2>&1 \;
The cronjob works perfectly in my local environment (ie using docker-compose to launch the container). cronjob 在我的本地环境中完美运行(即使用 docker-compose 启动容器)。
In my production environment I use k8s and remove all capabilities from the container:在我的生产环境中,我使用 k8s 并从容器中删除所有功能:
securityContext:
capabilities:
drop:
- ALL
Which results in the job not running at all.这导致作业根本没有运行。
Checklist:清单:
cron
service is running.cron
服务正在运行。cron
script. cron
脚本中没有错误。crontab -l
lists the job crontab -l
列出作业I've tested the container with and without capabilities
and can verify that with it it works, and without it doesn't.我已经测试了具有和不
capabilities
的容器,并且可以验证它是否可以工作,而没有它则不能。 Therefore, I think this is the problem.因此,我认为这是问题所在。
What capability should I add to my container in order for this to work?我应该向我的容器添加什么功能才能使其正常工作? Thanks for your help and attention.
感谢您的帮助和关注。
The missing capability was: CAP_SETGID
缺少的功能是:
CAP_SETGID
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.