bootBuildImage可以创建可写卷吗? [英] can `bootBuildImage` create writeable volumes?
问题描述
给出一个将文件写入/var/lib/app/files
的spring boot应用程序.
Given a spring boot app that writes files to /var/lib/app/files
.
我用gradle任务创建了一个docker镜像:
I create an docker image with the gradle task:
./gradlew bootBuildImage --imageName=app:latest
然后,我想在 docker-compose
中使用它:
Then, I want to use it in docker-compose
:
version: '3.5'
services:
app:
image: app:latest
volumes:
- app-storage:/var/lib/app/files
// ...ports etc
volumes:
app-storage:
这将失败,因为该文件夹是在 docker-compose up
期间创建的,并且由 root
和应用程序拥有,因此对该文件夹无写权限.
This will fail, because the folder is created during docker-compose up
and is owned by root
and the app, hence, has no write access to the folder.
快速解决方案是通过指定 user:root
:
The quick fix is to run the image as root
by specifying user: root
:
version: '3.5'
services:
app:
image: app:latest
user: root # <------------ required
volumes:
- app-storage:/var/lib/app/files
// ...ports etc
volumes:
app-storage:
这工作正常,但我不想以 root
身份运行它.我想知道如何实现它?我通常可以创建一个 Dockerfile
,该文件创建具有正确所有权和写入权限的所需文件夹.但是据我所知,构建包不使用自定义的 Dockerfile
,因此 bootBuildImage
不会使用它-对吗?那么我们如何创建可写卷?
This works fine, but I do not want to run it as root
. I wonder how to achieve it? I normally could create a Dockerfile
that creates the desired folder with correct ownership and write permissions. But as far as I know build packs do not use a custom Dockerfile
and hence bootBuildImage
would not use it - correct? How can we create writable volumes then?
推荐答案
通过检查映像,我发现buildpack使用/cnb/lifecycle/launcher
启动应用程序.因此,我能够自定义docker命令并在启动前修复特定文件夹的所有者:
By inspecting the image I found that the buildpack uses /cnb/lifecycle/launcher
to launch the application. Hence I was able to customize the docker command and fix the owner of the specific folder before launch:
version: '3.5'
services:
app:
image: app:latest
# enable the app to write to the storage folder (docker will create it as root by default)
user: root
command: "/bin/sh -c 'chown 1000:1000 /var/lib/app/files && /cnb/lifecycle/launcher'"
volumes:
- app-storage:/var/lib/app/files
// ...ports etc
volumes:
app-storage:
仍然,这不是很好,因为它不是直接的(因此我未来的自我将需要花费时间来重新理解它),并且它的可扩展性非常有限.
Still, this is not very nice, because it is not straight forward (and hence my future self will need to spent time on understand it again) and also it is very limited in its extensibility.
更新2020年10月30日-Spring Boot 2.3
我们最终创建了另一个Dockerfile/层,因此我们无需在docker-compose文件中为此烦恼:
We ended up creating another Dockerfile/layer so that we do not need to hassle with this in the docker-compose file:
# The base_image should hold a reference to the image created by ./gradlew bootBuildImage
ARG base_image
FROM ${base_image}
ENV APP_STORAGE_LOCAL_FOLDER_PATH /var/lib/app/files
USER root
RUN mkdir -p ${APP_STORAGE_LOCAL_FOLDER_PATH}
RUN chown ${CNB_USER_ID}:${CNB_GROUP_ID} ${APP_STORAGE_LOCAL_FOLDER_PATH}
USER ${CNB_USER_ID}:${CNB_GROUP_ID}
ENTRYPOINT /cnb/lifecycle/launcher
更新25.11.2020-Spring Boot 2.4
请注意,上述Dockerfile将导致此错误:
Note that the above Dockerfile will result in this error:
ERROR: failed to launch: determine start command: when there is no default process a command is required
原因是paketo构建器的默认入口点已更改.将入口点从/cnb/lifecycle/launcher
更改为新的修复点:
The reason is that the default entrypoint by the paketo builder changed. Changing the entrypoint from /cnb/lifecycle/launcher
to the new one fixes it:
ENTRYPOINT /cnb/process/web
另请参阅以下问题: 查看全文