Kubernetes:如何设置 VolumeMount 用户组和文件权限 [英] Kubernetes: how to set VolumeMount user group and file permissions
问题描述
我正在使用 kops 在 AWS 上运行 Kubernetes 集群.我已将 EBS 卷安装到容器上,它可以从我的应用程序中看到,但它是只读的,因为我的应用程序不是以 root 身份运行的.如何以 root 以外的用户身份挂载 PersistentVolumeClaim
?VolumeMount
似乎没有任何选项来控制挂载路径的用户、组或文件权限.
I'm running a Kubernetes cluster on AWS using kops. I've mounted an EBS volume onto a container and it is visible from my application but it's read only because my application does not run as root. How can I mount a PersistentVolumeClaim
as a user other than root? The VolumeMount
does not seem to have any options to control the user, group or file permissions of the mounted path.
这是我的部署 yaml 文件:
Here is my Deployment yaml file:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: notebook-1
spec:
replicas: 1
template:
metadata:
labels:
app: notebook-1
spec:
volumes:
- name: notebook-1
persistentVolumeClaim:
claimName: notebook-1
containers:
- name: notebook-1
image: jupyter/base-notebook
ports:
- containerPort: 8888
volumeMounts:
- mountPath: "/home/jovyan/work"
name: notebook-1
推荐答案
Pod 安全上下文支持设置 fsGroup
,它允许您设置拥有卷的组 ID,从而谁可以写信给它.文档中的示例:
The Pod Security Context supports setting an fsGroup
, which allows you to set the group ID that owns the volume, and thus who can write to it. The example in the docs:
apiVersion: v1
kind: Pod
metadata:
name: hello-world
spec:
containers:
# specification of the pod's containers
# ...
securityContext:
fsGroup: 1234
关于此的更多信息在这里
这篇关于Kubernetes:如何设置 VolumeMount 用户组和文件权限的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!