如何为 Bitnami Postgres Helm 部署设置 Kube.netes CIFS 持久卷 PV 权限?
[英]How do I setup Kubernetes CIFS Persistent Volume PV Permissions for Bitnami Postgres Helm Deployment?
问题描述
I have a Kube.netes cluster that I am trying to deploy different Helm Charts, when charts have no persistence everything works great.
我有一个 Kube.netes 集群,我正在尝试部署不同的 Helm 图表,当图表没有持久性时,一切都很好。 When the Helm charts use persistent volumes I always run into permission issues.当 Helm 图表使用持久卷时,我总是会遇到权限问题。 I am using a Windows file share CIFS with a persistent volume I created, Im using the Secrets Store CSI Driver我正在使用 Windows 文件共享 CIFS 和我创建的持久卷,我正在使用Secrets Store CSI Driver
Here is my persistent volume and claim yaml, I have a secret (cifs-secret) with my username and password.这是我的永久卷并声明 yaml,我有一个密码 (cifs-secret),其中包含我的用户名和密码。 For now I'm not using a storage class, just a manually created PV/PVC现在我没有使用存储 class,只是手动创建的 PV/PVC
apiVersion: v1
metadata:
name: myvolume
labels:
app: myapp
spec:
storageClassName: ""
capacity:
storage: 100Gi
accessModes:
- ReadWriteMany
persistentVolumeReclaimPolicy: Retain
mountOptions:
- dir_mode=0777
- file_mode=0777
- uid=0998
- gid=0996
- mfsymlinks
- nobrl
- cache=none
- domain=mydomain
csi:
driver: smb.csi.k8s.io
readOnly: false
volumeHandle: helmdata
volumeAttributes:
source: "//192.168.1.189/helm"
nodeStageSecretRef:
name: cifs-secret
namespace: helm
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: myclaim
namespace: mynamespace
labels:
app: myapp
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 10Gi
volumeName: cifs-helmtest-pv
This was failing for me until I figured out which user needed access to the volume, I'm using an IronBank Grafana image so I ran the image locally in Docker and shelled into it, from the command line typed more /etc/passwd and it at the end of the output it listed the uid:0998 and gid:0996.在我弄清楚哪个用户需要访问该卷之前,这对我来说是失败的,我使用的是 IronBank Grafana 图像,所以我在 Docker 中本地运行该图像,并从命令行输入 more /etc/passwd 并对其进行加壳在 output 的末尾,它列出了 uid:0998 和 gid:0996。 So I updated the volume yaml and added the - uid=0998 and - gid=0996 to the mount options.所以我更新了卷 yaml 并将 -uid=0998 和 -gid=0996 添加到挂载选项中。
Once this was in place I was able to successfully install the Bitnami Helm Chart, I did have to update the configmap.yaml in the templates directory to match the IronBank paths, these differ slightly from the Bitnami paths.一旦到位,我就能够成功安装 Bitnami Helm Chart,我确实必须更新模板目录中的 configmap.yaml 以匹配 IronBank 路径,这些路径与 Bitnami 路径略有不同。
I have tried this same logic with the Bitnami Postgresql Helm Chart and I can't seem to get this working, when I shell into the container and run more /etc/passwd it is using uid:65543 and gid:65543 (nobody account) I created a volume with these uid/gids and I constantly get permission errors or incorrect permissions on directory, sometimes it will create the data folder in the volume mount location but its always empty.我已经用 Bitnami Postgresql Helm Chart 尝试了同样的逻辑,但我似乎无法正常工作,当我将 shell 放入容器并运行更多 /etc/passwd 时,它正在使用 uid:65543 和 gid:65543(没有人帐户)我用这些 uid/gids 创建了一个卷,但我经常遇到权限错误或目录权限不正确,有时它会在卷安装位置创建数据文件夹,但它总是空的。
The user account that create the windows share is the username and password I used in the cifs-secret.创建 windows 共享的用户帐户是我在 cifs-secret 中使用的用户名和密码。
Any help would be appreciated.任何帮助,将不胜感激。
1 个解决方案
解决方案1
0 2022-05-07 14:43:36
I found a solution to this by using the Ironbank Postgres image with the Bitnami helm chart, I updated the UID and GID to 26 and set the volume information as follows...我通过将 Ironbank Postgres 图像与 Bitnami helm chart 一起使用找到了解决方案,我将 UID 和 GID 更新为 26 并将卷信息设置如下...
Also, switching the data directory from the Bitnami default to /var/lib/postgresql/data is important to get the IronBank image to line up with the Bitnami chart.此外,将数据目录从 Bitnami 默认值切换到 /var/lib/postgresql/data 对于使 IronBank 图像与 Bitnami 图表对齐很重要。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.