Kubernetes:如何设置VolumeMount用户组和文件权限 [英] Kubernetes: how to set VolumeMount user group and file permissions
问题描述
我正在使用kops在AWS上运行Kubernetes集群.我已经将EBS卷安装到了容器上,并且可以从我的应用程序中看到它,但是由于我的应用程序没有以root用户身份运行,因此它是只读的.如何以root以外的用户身份挂载PersistentVolumeClaim
? VolumeMount
似乎没有任何选项来控制安装路径的用户,组或文件权限.
I'm running a Kubernetes cluster on AWS using kops. I've mounted an EBS volume onto a container and it is visible from my application but it's read only because my application does not run as root. How can I mount a PersistentVolumeClaim
as a user other than root? The VolumeMount
does not seem to have any options to control the user, group or file permissions of the mounted path.
这是我的Deployment yaml文件:
Here is my Deployment yaml file:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: notebook-1
spec:
replicas: 1
template:
metadata:
labels:
app: notebook-1
spec:
volumes:
- name: notebook-1
persistentVolumeClaim:
claimName: notebook-1
containers:
- name: notebook-1
image: jupyter/base-notebook
ports:
- containerPort: 8888
volumeMounts:
- mountPath: "/home/jovyan/work"
name: notebook-1
推荐答案
Pod安全上下文支持设置fsGroup
,它允许您设置拥有该卷的组ID,从而确定谁可以写入该卷.文档中的示例:
The Pod Security Context supports setting an fsGroup
, which allows you to set the group ID that owns the volume, and thus who can write to it. The example in the docs:
apiVersion: v1
kind: Pod
metadata:
name: hello-world
spec:
containers:
# specification of the pod's containers
# ...
securityContext:
fsGroup: 1234
有关此的更多信息,请此处
More info on this is here
这篇关于Kubernetes:如何设置VolumeMount用户组和文件权限的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!