在 Azure Kubernetes (AKS) 容器内使用 blobfuse
[英]use blobfuse inside an Azure Kubernetes (AKS) container
问题描述
We wanted to configure blobfuse inside an Azure Kubernetes container to access the Azure storage service.
我们想在 Azure Kubernetes 容器内配置 blobfuse 以访问 Azure 存储服务。
I created the storage account and a blob container.我创建了存储帐户和一个 blob 容器。 I installed blobfuse on the docker image (I tried with alpine and with ubuntu:22.04 images).我在 docker 图像上安装了 blobfuse(我尝试使用 alpine 和 ubuntu:22.04 图像)。
I start my application through a Jenkins pipeline with this configuration:我通过具有以下配置的 Jenkins 管道启动我的应用程序:
pipeline {
agent {
kubernetes {
yaml """
apiVersion: v1
kind: Pod
spec:
containers:
- name: test
image: my_ubuntu:20.04
command: ['cat']
securityContext:
allowPrivilegeEscalation: true
devices:
- /dev/fuse
"""
}
}
I ran this command inside my docker container:我在我的 docker 容器中运行了这个命令:
blobfuse /path/to/my/buckett --container-name=${AZURE_BLOB_CONTAINER} --tmp-path=/tmp/path --log-level=LOG_DEBUG --basic-remount-check=true
I got我有
fuse: device not found, try 'modprobe fuse' first
Running modprobe fuse returns modprobe: FATAL: Module fuse not found in directory /lib/modules/5.4.0-1068-azure运行modprobe fuse返回modprobe: FATAL: Module fuse not found in directory /lib/modules/5.4.0-1068-azure
All answers I googled mentioned using --privileged and /dev/fuse device, which I did, with no results.我用谷歌搜索的所有答案都提到了使用 --privileged 和 /dev/fuse 设备,我这样做了,但没有结果。
The same procedure works fine on my linux desktop, but not from inside a docker container on the AKS cluster.相同的过程在我的 linux 桌面上运行良好,但在 AKS 集群上的 docker 容器内部运行良好。
Is this even the right approach to access the Azure Storage service from inside Kubernetes?这甚至是从 Kubernetes 内部访问 Azure 存储服务的正确方法吗?
Is it possible to fix the error fuse: device not found ?是否可以修复错误fuse: device not found ?
1 个解决方案
解决方案1
0 2022-07-26 08:13:13
fuse: device not found, try 'modprobe fuse' first
I have also researched regarding fuse issues:我还研究了保险丝问题:
- Either the fuse kernel module isn't loaded on your host computer (very unlikely)保险丝 kernel 模块未加载到您的主机上(不太可能)
- Either the container you're using to perform the build doesn't have enough privileages.您用于执行构建的容器没有足够的权限。
--privileged gives too many permissions to the container instead of you should be able to get things working by replacing it with --cap-add SYS_ADMIN like below. --privileged为容器提供了太多权限,而不是你应该能够通过用--cap-add SYS_ADMIN替换它来让事情正常工作,如下所示。
docker run -d --rm \
--device /dev/fuse \
--cap-add SYS_ADMIN \
<image_id/name>
and also run并且还运行
docker run -d --rm \
--device /dev/fuse \
--cap-add SYS_ADMIN \
--security-opt apparmor:unconfined \
<image_id/name>
Try to run this command if it fails try to check up setup and check with versions and also blobfuse installation如果失败,请尝试运行此命令尝试检查设置并检查版本以及 blobfuse 安装
For reference I also suggest you this Article作为参考,我也建议你这篇文章
- Mounting Azure Files and Blobs using Non-traditional options in Kubernetes - by Arun Kumar Singh 使用 Kubernetes 中的非传统选项安装 Azure 文件和 Blob - 作者:Arun Kumar Singh
- kubernetes-sigs/blob-csi-driver: Azure Blob Storage CSI driver (github.com) kubernetes-sigs/blob-csi-driver: Azure Blob 存储 CSI 驱动程序 (github.com)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.