我正在尝试创建一个动态 Azure 磁盘卷以在具有特定权限要求的 Pod 中使用。
容器 在用户 id
472定义以下
StorageClassapiVersion: storage.k8s.io/v1
kind: StorageClass
provisioner: kubernetes.io/azure-disk
reclaimPolicy: Delete
volumeBindingMode: Immediate
metadata:
name: foo-storage
mountOptions:
- rw
parameters:
cachingmode: None
kind: Managed
storageaccounttype: Standard_LRS
还有这个PVC
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: foo-storage
namespace: foo
spec:
accessModes:
- ReadWriteOnce
storageClassName: foo-storage
resources:
requests:
storage: 1Gi
我可以在 Pod 中运行以下命令:
containers:
- image: ubuntu
name: foo
imagePullPolicy: IfNotPresent
command:
- ls
- -l
- /var/lib/foo
volumeMounts:
- name: foo-persistent-storage
mountPath: /var/lib/foo
volumes:
- name: foo-persistent-storage
persistentVolumeClaim:
claimName: foo-storage
pod 将正确安装并启动,但会显示
kubectl logs <the-pod>total 24
drwxr-xr-x 3 root root 4096 Nov 23 11:42 .
drwxr-xr-x 1 root root 4096 Nov 13 12:32 ..
drwx------ 2 root root 16384 Nov 23 11:42 lost+found
即当前目录被安装为
root我尝试在
mountOptionsStorageClassuid=472user=472mounting arguments: --description=Kubernetes transient mount for /var/lib/kubelet/plugins/kubernetes.io/azure-disk/mounts/m1019941199 --scope -- mount -t ext4 -o group=472,rw,user=472,defaults /dev/disk/azure/scsi1/lun0 /var/lib/kubelet/plugins/kubernetes.io/azure-disk/mounts/m1019941199
Output: Running scope as unit run-r7165038756bf43e49db934e8968cca8b.scope.
mount: wrong fs type, bad option, bad superblock on /dev/sdc,
missing codepage or helper program, or other error
In some cases useful info is found in syslog - try
dmesg | tail or so.
我也尝试从 man mount 获取一些信息,但我还没有找到任何有用的东西。
如何配置此存储类、持久卷声明和卷挂载,以便运行容器进程的非根用户能够在挂载路径中写入(并创建子目录)?
您需要定义 pod 规范的
securityContextsecurityContext:
runAsUser: 472
fsGroup: 472
稳定的 Grafana Helm Chart 也采用同样的方式。请参阅此处配置下的
securityContext