Google Kubernetes Engine(GKE)群集由于“只读文件系统"而在创建安装源路径时出错. [英] Google Kubernetes Engine (GKE) cluster `error while creating mount source path` due to `read-only file system`
问题描述
我有一个具有以下配置的容器:
I have a container with the following configuration:
spec:
template:
spec:
restartPolicy: OnFailure
volumes:
- name: local-src
hostPath:
path: /src/analysis/src
type: DirectoryOrCreate
containers:
securityContext:
privileged: true
capabilities:
add:
- SYS_ADMIN
- 请注意,我故意省略了一些其他配置参数,以使问题简短一些
但是,当我将其部署到gcloud上的kubernetes上的群集中时,看到以下错误:
However, when I deploy it to my cluster on kubernetes on gcloud, I see the following error:
Error: failed to start container "market-state": Error response from daemon: error while creating mount source path '/src/analysis/src': mkdir /src: read-only file system
我尝试使用minikube在本地部署完全相同的作业,并且效果很好.
I have tried deploying the exact same job locally with minikube and it works fine.
我的猜测是,这与相对于主机的pod的权限有关,但是在我设置的SYS_ADMIN权限下,我希望它可以正常工作.创建群集时,出于其他原因,我给它提供了devstorage.read_write范围,但想知道是否还需要其他范围?
My guess is that this has to do with the pod's permissions relative to the host, but I expected it to work given the SYS_ADMIN permissions that I'm setting. When creating my cluster, I gave it a devstorage.read_write scope for other reason, but am wondering if there are other scopes I need as well?
gcloud container clusters create my_cluster \
--zone us-west1-a \
--node-locations us-west1-a \
--scopes=https://www.googleapis.com/auth/devstorage.read_write
DirectoryOrCreate
DirectoryOrCreate
推荐答案
IIUC,如果您的集群使用的是容器优化的VM,则需要了解这些实例的文件系统结构.
IIUC, if your cluster is using Container-Optimized VMs, you'll need to be aware of the structure of the file system for these instances.
请参见 https://cloud.google. com/container-optimized-os/docs/concepts/disks-and-filesystem
这篇关于Google Kubernetes Engine(GKE)群集由于“只读文件系统"而在创建安装源路径时出错.的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
