在 Argo-Workflows 中使用 K6 映像时无法写入已安装的卷

问题描述 投票:0回答:1

我正在尝试在 Argo-Workflows 步骤中执行 K6 测试,并将结果写入将由后续步骤处理的文件中。为此,我正在安装一个卷并尝试将结果写入已安装卷上的文件中。

当我使用 

--out json=/mnt/app/results.json
以及使用 
handleSummary
功能时,我会收到“权限被拒绝”错误:

Could not save some summary information:\n\t- could not open '/mnt/app/summary.json': open /mnt/app/summary.json: permission denied

我猜这是因为 K6 在非 root 用户中执行,而该用户没有写入文件系统的权限。虽然我看到有一些方法可以使用普通的 docker 来解决这个问题(使用 

--user $UID
--user root
),但我没有找到合适的方法来使用 Argo-Workflows 实现这一点。

这是一个重现问题的小工作流程:

apiVersion: argoproj.io/v1alpha1
kind: Workflow
metadata:
  generateName: permission-denied-for-k6-image-
spec:
  volumeClaimTemplates:
  - metadata:
      name: workdir
    spec:
      accessModes: [ "ReadWriteOnce" ]
      resources:
        requests:
          storage: 1Gi

  entrypoint: main
  templates:
  - name: main
    steps:
    - - name: run-load-test
        template: run-load-test
    - - name: print-results
        template: print-results

  - name: run-load-test
    script:
      volumeMounts:
      - name: workdir
        mountPath: /mnt/app
      image: grafana/k6:latest
      command: ["k6"]
      args: ["run"]
      source: |
        import http from "k6/http";
        import { sleep } from "k6";
        export const options = {
          vus: 10,
          duration: "3s",
        };
        export default function () {
          http.get("http://test.k6.io");
          sleep(1);
        }

        export function handleSummary(data) {
          return {
            "/mnt/app/summary.json": json.stringify(data.metrics.iteration_duration.values),
          };
        }
  - name: print-results
    script:
      volumeMounts:
      - name: workdir
        mountPath: /mnt/app
      image: busybox
      command: [sh]
      source: |
        ls -l /mnt/app/

  volumes:
    - name: shared-volume
      emptyDir: {}
permissions containers k6 argo-workflows
1个回答
0
投票

目前,我发现实现解决方案的唯一方法是向定义用户、组和 FS 组的 pod 规范添加补丁:

apiVersion: argoproj.io/v1alpha1
kind: Workflow
metadata:
  generateName: reproduced-failure-to-write-from-k6-
spec:
  volumeClaimTemplates:
  - metadata:
      name: workdir
    spec:
      accessModes: [ "ReadWriteOnce" ]
      resources:
        requests:
          storage: 1Gi

  entrypoint: main
  templates:
  - name: main
    steps:
    - - name: run-load-test
        template: run-load-test
    - - name: print-results
        template: print-results



  - name: run-load-test
    script:
      volumeMounts:
      - name: workdir
        mountPath: /mnt/app
      image: grafana/k6:latest
      command: ["k6"]
      args: ["run"]
      source: |
        import http from "k6/http";
        import { sleep } from "k6";
        export const options = {
          vus: 10,
          duration: "3s",
        };
        export default function () {
          http.get("http://test.k6.io");
          sleep(1);
        }

        export function handleSummary(data) {
          return {
            "/mnt/app/summary.json": JSON.stringify(data.metrics.iteration_duration.values),
          };
        }
  - name: print-results
    script:
      volumeMounts:
      - name: workdir
        mountPath: /mnt/app
      image: busybox
      command: [sh]
      source: |
        ls -l /mnt/app/

  podSpecPatch: |
    securityContext:
      runAsUser: 1000
      runAsGroup: 1000
      fsGroup: 1000


  volumes:
    - name: shared-volume
      emptyDir: {}


fsGroup
添加到工作流、步骤或容器的安全上下文失败,并出现以下错误:

Failed to parse workflow: json: unknown field "fsGroup"
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.