如何在Minikube上正确设置hostPath持久卷? [英] How to properly setup hostPath persistent volume on Minikube?

问题描述

我目前正在做一个Lumen项目，我们在其中使用Minikube作为我们的开发环境.我们的主机的/Users/development/<project name>安装在/var/www/html上，并且工作正常. 但是，由于整个/var/www/html目录具有 1001:1001 所有权，因此我遇到了这个存储问题，文件写入在/var/www/html/storage/framework中不起作用.

I'm currently working on a Lumen project where we are using Minikube as our dev environment. Our host machine's /Users/development/<project name> is mounted at /var/www/html and is working fine. However, I'm facing this Storage issue where file writes are not working in the /var/www/html/storage/framework due to the fact that the entire /var/www/html directory has the 1001:1001 ownership.

这是我的部署规范:

apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
kind: Deployment
metadata:
  name: apiserver
  namespace: development
  labels:
    app: sample-app-name
spec:
  selector:
    matchLabels:
      app: sample-app-name
      tier: apiserver
  replicas: 1
  template:
    metadata:
      labels:
        app: sample-app-name
        tier: apiserver
    spec:
      containers:
      - name: php-app
        image: my-image:latest
        resources:
          requests:
            cpu: 100m
            memory: 100Mi
        imagePullPolicy: Never
        env:
        - name: GET_HOSTS_FROM
          value: dns
        ports:
        - containerPort: 80
        volumeMounts:
          - mountPath: "/var/www/html"
            name: host-mount
      imagePullSecrets:
        - name: dockercred
      volumes:
      - name: host-mount
        hostPath:
          path: "/Users/development/<app directory>"

我尝试将永久卷移动到其自己的单独文件中，并创建了一个pvc，但是仍然无法正常工作. 我还尝试了多种方法来使用初始化容器和安全上下文来更改目录权限，但仍然始终将权限设置为** 1001:1001 * 我真的很绝望，所以我们将不胜感激.

I tried moving the persistent volume onto its own separate file, and had created a pvc, but still, it's not working. I also tried multiple ways on how to change the directory permissions using both init containers and security context, but it still the permissions are always set to **1001:1001* I'm really desperate here, so any help would be appreciated.

主机规格:

• 操作系统:Ubuntu 18.04.3 LTS
• Minikube版本:v0.30.0
• Kubectl客户端版本:客户端版本:version.Info {主要:"1"，次要:"16"，GitVersion:"v1.16.2"，GitCommit:"c97fe5036ef3df2967d086711e6c0c405941e14b"，GitTreeState:"clean"，构建日期:"2019 -10-15T19:18:23Z，GoVersion:" go1.12.10，编译器:" gc，平台:" linux/amd64}
• Kubectl服务器版本:服务器版本:version.Info {主要:"1"，次要:"10"，GitVersion:"v1.10.0"，GitCommit:"fc32d2f3698e36b93322a3465f63a14e9f0eaead"，GitTreeState:干净"，构建日期:"2018 -03-26T16:44:10Z，GoVersion:" go1.9.3，编译器:" gc，平台:" linux/amd64}
• Virtualbox版本:5.2.34 r133893(Qt5.9.5)

编辑 :(这是我在部署"中使用的映像的docker文件)

(Here's docker file of the image i'm using in the Deployment)

FROM phpearth/php:7.1-nginx

RUN apk add --no-cache php7.1-redis php7.1-pdo php7.1-pdo_pgsql php7.1-xdebug composer bash

COPY ./nginx-default.conf /etc/nginx/conf.d/default.conf
COPY ./xdebug.ini /etc/php/7.1/conf.d/xdebug.ini
COPY ./www.conf /etc/php/7.1/php-fpm.d/www.conf
RUN mkdir -p /var/www/storage/import
RUN mkdir -p /var/www/storage/import/files
RUN mkdir -p /var/www/storage/import/templates
RUN mkdir -p /var/www/storage/logs
RUN mkdir -p /var/www/storage/framework/sessions
RUN mkdir -p /var/www/storage/framework/views
RUN touch /var/www/storage/logs/lumen.log
RUN chown -Rf 1000:1000 /var/www/
# Install the blackfire client
RUN version=$(php -r "echo PHP_MAJOR_VERSION.PHP_MINOR_VERSION;") \
    && curl -A "Docker" -o /tmp/blackfire-probe.tar.gz -D - -L -s http://packages.blackfire.io/binaries/blackfire-php/1.23.1/blackfire-php-alpine_amd64-php-71.tar.gz \
    && mkdir -p /tmp/blackfire \
    && tar zxpf /tmp/blackfire-probe.tar.gz -C /tmp/blackfire \
    && mv /tmp/blackfire/blackfire-*.so $(php -r "echo ini_get('extension_dir');")/blackfire.so \
    && printf "extension=blackfire.so\nblackfire.agent_socket=tcp://blackfire:8707\n" > /etc/php/7.1/conf.d/blackfire.ini \
    && rm -rf /tmp/blackfire /tmp/blackfire-probe.tar.gz

推荐答案

事实证明，这不是一个日益严重的问题.我一直指责hostPath坐骑 因为当我尝试在/var/www 上运行ls -lah时，它会一直显示 html 目录的权限为 1001:1001 ，而不是www-数据.

Turns out, this wasn't a mounting issue. I kept blaming the hostPath mount because when I try running ls -lah on /var/www, it kept showing the html directory's permissions as 1001:1001 instead of www-data.

最后，是PHP的用户未在正确的UID上运行. 转储posix_getpwuid(posix_geteuid())显示以下结果:

In the end, it was PHP's user that wasn't running on the correct UID. Dumping posix_getpwuid(posix_geteuid()) shows the following result:

array:7 [
  "name" => "www-data"
  "passwd" => "x"
  "uid" => 82
  "gid" => 82
  "gecos" => "www-data"
  "dir" => "/var/www"
  "shell" => "/sbin/nologin"
]

但是在我的Dockerfile中添加以下行之后: RUN apk add shadow && usermod -u 1000 www-data && groupmod -g 1000 www-data，现在显示:

But after adding this line in my Dockerfile: RUN apk add shadow && usermod -u 1000 www-data && groupmod -g 1000 www-data, it now shows this:

array:7 [
  "name" => "www-data"
  "passwd" => "x"
  "uid" => 1000
  "gid" => 1000
  "gecos" => "www-data"
  "dir" => "/var/www"
  "shell" => "/sbin/nologin"
]

我的API现在没有任何权限问题.

I'm not having any permission issues now on my APIs.

这篇关于如何在Minikube上正确设置hostPath持久卷?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！