Write permissions on volume mount with OpenShift

Problem description

Using OpenShift 3.11, I've mounted an nfs persistent volume, but the application cannot copy into the new volume, saying:

oc logs my-project-77858bc694-6kbm6 
cp: cannot create regular file '/config/dbdata/resdb.lock.db': Permission denied
...

I've tried to change the ownership of the folder by doing a chown in an InitContainer, but it tells me the operation is not permitted.

      initContainers:
        - name: chowner
          image:  alpine:latest
          command: ["/bin/sh", "-c"]
          args:
            - ls -alt /config/dbdata; chown 1001:1001 /config/dbdata;
          volumeMounts:
          - name: my-volume
            mountPath: /config/dbdata/ 

oc logs my-project-77858bc694-6kbm6 -c chowner
total 12
drwxr-xr-x    3 root     root          4096 Nov  7 03:06 ..
drwxr-xr-x    2 99       99            4096 Nov  7 02:26 .
chown: /config/dbdata: Operation not permitted

I expect to be able to write to the mounted volume.

Recommended answer

You can give your Pods permission to write into a volume by using fsGroup: GROUP_ID in a Security Context. fsGroup makes your volumes writable by GROUP_ID and makes all processes inside your container part of that group.

For example:

apiVersion: v1
kind: Pod
metadata:
  name: POD_NAME
spec:
  securityContext:
    fsGroup: GROUP_ID
...
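
An added diagnostic example, not part of the original question or answer: group membership only grants write access when the directory's mode has the group write bit set, so this script evaluates the owner/group/other write bits of a listing line like the one in the question for a given UID and group list. The function names, UID 1001 as the process user and the group lists are assumptions; ACLs and server-side ID squashing are not modelled.

```shell
#!/bin/sh
# can_write MODE OWNER_UID OWNER_GID PROC_UID "PROC_GIDS"
# MODE is the ls-style string (e.g. drwxr-xr-x); PROC_GIDS is the space-separated
# list printed by `id -G`. Returns 0 if the POSIX mode bits grant write to a
# non-root process, 1 otherwise. Assumption: no ACLs, no NFS ID squashing.
can_write() {
    mode=$1 owner_uid=$2 owner_gid=$3 proc_uid=$4 proc_gids=$5
    # Characters 3, 6 and 9 of the mode string are the owner/group/other write bits.
    owner_w=$(printf '%s' "$mode" | cut -c3)
    group_w=$(printf '%s' "$mode" | cut -c6)
    other_w=$(printf '%s' "$mode" | cut -c9)

    # Exactly one class applies: owner first, then group, then other.
    if [ "$proc_uid" = "$owner_uid" ]; then
        [ "$owner_w" = "w" ]; return
    fi
    for gid in $proc_gids; do
        if [ "$gid" = "$owner_gid" ]; then
            [ "$group_w" = "w" ]; return
        fi
    done
    [ "$other_w" = "w" ]
}

# check_line "LS_LINE" PROC_UID "PROC_GIDS": same check, fed one line of
# numeric `ls -aln` output (fields: mode links uid gid size date... name).
check_line() {
    line=$1 proc_uid=$2 proc_gids=$3
    set -- $line
    can_write "$1" "$3" "$4" "$proc_uid" "$proc_gids"
}

# Listing line for the mount point, taken from the question's output.
LISTING='drwxr-xr-x    2 99       99            4096 Nov  7 02:26 .'
# Same directory with group write added (constructed, not from the page).
FIXED='drwxrwxr-x    2 99       99            4096 Nov  7 02:26 .'

for gids in "0" "0 99"; do
    for l in "$LISTING" "$FIXED"; do
        if check_line "$l" 1001 "$gids"; then r="writable"; else r="not writable"; fi
        echo "uid=1001 groups=[$gids] mode=${l%% *}: $r"
    done
done
```

Inside the running pod, `id -u`, `id -G` and `ls -aln /config/dbdata` supply the real inputs.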
