I am trying to deploy my Jhipster (v5.5.0) project onto Kubernetes (v1.16.3), but the pod keeps failing on an attempt to read the database. I assume its because the /var/lib/h2/data directory is not allowing the user read/write access
Here is my YAML that will create the deployment / pod. I have another YAML that creates the PV and PVC.
apiVersion: apps/v1
kind: Deployment
metadata:
name: portal
spec:
replicas: 1
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 25%
maxSurge: 25%
template:
spec:
containers:
- name: portal
# for argoCD
image: xxxx.xxxx.com/appliances/kubernetes/portal:temp-test-17
envFrom:
- configMapRef:
name: portal-config
# NOTE: the ports.protocol used to be set to TCP, in okd yaml. TCP is the default, so we no longer set it.
ports:
- name: http
containerPort: 8080
- name: https
containerPort: 8443
# resources:
# requests:
# cpu: 1
# memory: 1Gi
# limits:
# memory: 4Gi
resources:
limits:
cpu: "0.5"
memory: "2048Mi"
requests:
cpu: "0.1"
memory: "64Mi"
# an image pull policy of IfNotPresent is useful when docker is less available, but requires updating tags during development more often. Originally was "Always"
imagePullPolicy: IfNotPresent
volumeMounts:
# NOTE: if we use SSL, we will need a 'keystores' volume mount
# - mountPath: /var/run/secrets/java.io/keystores
# name: keystore-volume
# Volume mount for the database files. Stored on a PV so we can upgrade without removing stored DB data.
- mountPath: /var/lib/h2/data
name: portal-db-vol01
# DEBUG USE ONLY - run as root with elevated permissions.
securityContext:
# allowPrivilegeEscalation: true
# capabilities: {}
# privileged: false
runAsNonRoot: true
runAsUser: 950
imagePullSecrets:
- name: regcred-nexus
# Monitor for future clean deployment: make sure it doesnt create 2 pvcs
volumes:
- name: xxx-db-vol01
persistentVolumeClaim:
claimName: xxxx-db-pvc-volume01
# terminationGracePeriodSeconds - we allow 30 seconds for DB cleanup
terminationGracePeriodSeconds: 30
Here's the error:
Caused by: java.lang.IllegalStateException: Could not open file nio:/var/lib/h2/data/odp.mv.db [1.4.200/1]
at org.h2.mvstore.DataUtils.newIllegalStateException(DataUtils.java:950)
at org.h2.mvstore.FileStore.open(FileStore.java:179)
at org.h2.mvstore.MVStore.<init>(MVStore.java:381)
at org.h2.mvstore.MVStore$Builder.open(MVStore.java:3579)
at org.h2.mvstore.db.MVTableEngine$Store.open(MVTableEngine.java:170)
... 51 common frames omitted
Caused by: java.io.FileNotFoundException: /var/lib/h2/data/odp.mv.db (Permission denied)
at java.io.RandomAccessFile.open0(Native Method)
at java.io.RandomAccessFile.open(RandomAccessFile.java:316)
at java.io.RandomAccessFile.<init>(RandomAccessFile.java:243)
at java.io.RandomAccessFile.<init>(RandomAccessFile.java:124)
at org.h2.store.fs.FileNio.<init>(FilePathNio.java:43)
at org.h2.store.fs.FilePathNio.open(FilePathNio.java:23)
at org.h2.mvstore.FileStore.open(FileStore.java:153)
... 54 common frames omitted
And here's something I threw into the Dockerfile in order to force this to work, but it seems like the.../h2/data directory is not getting the right permissions
USER root
RUN mkdir -p /var/lib/h2/data
RUN chmod -R 777 /var/lib/h2
RUN useradd -d /home/user -m -s /bin/bash user
USER user
Change your /var/lib/h2/data to something like /usr/share/..., and make sure your image has more permissions on /var/lib (such as 777)
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.