Kubernetes:如何设置VolumeMount用户组和文件权限 [英] Kubernetes: how to set VolumeMount user group and file permissions

问题描述

我正在使用kops在AWS上运行Kubernetes集群.我已经将EBS卷安装到了容器上，并且可以从我的应用程序中看到它，但是由于我的应用程序没有以root用户身份运行，因此它是只读的.如何以root以外的用户身份挂载PersistentVolumeClaim? VolumeMount似乎没有任何选项来控制安装路径的用户，组或文件权限.

I'm running a Kubernetes cluster on AWS using kops. I've mounted an EBS volume onto a container and it is visible from my application but it's read only because my application does not run as root. How can I mount a PersistentVolumeClaim as a user other than root? The VolumeMount does not seem to have any options to control the user, group or file permissions of the mounted path.

这是我的Deployment yaml文件:

Here is my Deployment yaml file:

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: notebook-1
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: notebook-1
    spec:
      volumes:
      - name: notebook-1
        persistentVolumeClaim:
          claimName: notebook-1
      containers:
      - name: notebook-1
        image: jupyter/base-notebook
        ports:
        - containerPort: 8888
        volumeMounts:
        - mountPath: "/home/jovyan/work"
          name: notebook-1

推荐答案

Pod安全上下文支持设置fsGroup，它允许您设置拥有该卷的组ID，从而确定谁可以写入该卷.文档中的示例:

The Pod Security Context supports setting an fsGroup, which allows you to set the group ID that owns the volume, and thus who can write to it. The example in the docs:

apiVersion: v1
kind: Pod
metadata:
  name: hello-world
spec:
  containers:
  # specification of the pod's containers
  # ...
  securityContext:
    fsGroup: 1234

有关此的更多信息，请此处

More info on this is here

这篇关于Kubernetes:如何设置VolumeMount用户组和文件权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！