[英]use blobfuse inside an Azure Kubernetes (AKS) container
We wanted to configure blobfuse inside an Azure Kubernetes container to access the Azure storage service.我们想在 Azure Kubernetes 容器内配置 blobfuse 以访问 Azure 存储服务。
I created the storage account and a blob container.我创建了存储帐户和一个 blob 容器。 I installed blobfuse on the docker image (I tried with alpine and with ubuntu:22.04 images).我在 docker 图像上安装了 blobfuse(我尝试使用 alpine 和 ubuntu:22.04 图像)。
I start my application through a Jenkins pipeline with this configuration:我通过具有以下配置的 Jenkins 管道启动我的应用程序:
pipeline {
agent {
kubernetes {
yaml """
apiVersion: v1
kind: Pod
spec:
containers:
- name: test
image: my_ubuntu:20.04
command: ['cat']
securityContext:
allowPrivilegeEscalation: true
devices:
- /dev/fuse
"""
}
}
I ran this command inside my docker container:我在我的 docker 容器中运行了这个命令:
blobfuse /path/to/my/buckett --container-name=${AZURE_BLOB_CONTAINER} --tmp-path=/tmp/path --log-level=LOG_DEBUG --basic-remount-check=true
I got我有
fuse: device not found, try 'modprobe fuse' first
Running modprobe fuse
returns modprobe: FATAL: Module fuse not found in directory /lib/modules/5.4.0-1068-azure
运行modprobe fuse
返回modprobe: FATAL: Module fuse not found in directory /lib/modules/5.4.0-1068-azure
All answers I googled mentioned using --privileged and /dev/fuse device, which I did, with no results.我用谷歌搜索的所有答案都提到了使用 --privileged 和 /dev/fuse 设备,我这样做了,但没有结果。
The same procedure works fine on my linux desktop, but not from inside a docker container on the AKS cluster.相同的过程在我的 linux 桌面上运行良好,但在 AKS 集群上的 docker 容器内部运行良好。
Is this even the right approach to access the Azure Storage service from inside Kubernetes?这甚至是从 Kubernetes 内部访问 Azure 存储服务的正确方法吗?
Is it possible to fix the error fuse: device not found
?是否可以修复错误fuse: device not found
?
fuse: device not found, try 'modprobe fuse' first
I have also researched regarding fuse issues:我还研究了保险丝问题:
--privileged
gives too many permissions to the container instead of you should be able to get things working by replacing it with --cap-add SYS_ADMIN
like below. --privileged
为容器提供了太多权限,而不是你应该能够通过用--cap-add SYS_ADMIN
替换它来让事情正常工作,如下所示。
docker run -d --rm \
--device /dev/fuse \
--cap-add SYS_ADMIN \
<image_id/name>
and also run并且还运行
docker run -d --rm \
--device /dev/fuse \
--cap-add SYS_ADMIN \
--security-opt apparmor:unconfined \
<image_id/name>
Try to run this command if it fails try to check up setup and check with versions and also blobfuse installation如果失败,请尝试运行此命令尝试检查设置并检查版本以及 blobfuse 安装
For reference I also suggest you this Article作为参考,我也建议你这篇文章
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.