Kubernetes:如何设置 VolumeMount 用户组和文件权限 [英] Kubernetes: how to set VolumeMount user group and file permissions

问题描述

我正在使用 kops 在 AWS 上运行 Kubernetes 集群.我已将 EBS 卷安装到容器上，它可以从我的应用程序中看到，但它是只读的，因为我的应用程序不是以 root 身份运行的.如何以 root 以外的用户身份挂载 PersistentVolumeClaim?VolumeMount 似乎没有任何选项来控制挂载路径的用户、组或文件权限.

I'm running a Kubernetes cluster on AWS using kops. I've mounted an EBS volume onto a container and it is visible from my application but it's read only because my application does not run as root. How can I mount a PersistentVolumeClaim as a user other than root? The VolumeMount does not seem to have any options to control the user, group or file permissions of the mounted path.

这是我的部署 yaml 文件:

Here is my Deployment yaml file:

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: notebook-1
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: notebook-1
    spec:
      volumes:
      - name: notebook-1
        persistentVolumeClaim:
          claimName: notebook-1
      containers:
      - name: notebook-1
        image: jupyter/base-notebook
        ports:
        - containerPort: 8888
        volumeMounts:
        - mountPath: "/home/jovyan/work"
          name: notebook-1

推荐答案

Pod 安全上下文支持设置 fsGroup，它允许您设置拥有卷的组 ID，从而谁可以写信给它.文档中的示例:

The Pod Security Context supports setting an fsGroup, which allows you to set the group ID that owns the volume, and thus who can write to it. The example in the docs:

apiVersion: v1
kind: Pod
metadata:
  name: hello-world
spec:
  containers:
  # specification of the pod's containers
  # ...
  securityContext:
    fsGroup: 1234

关于此的更多信息在这里

这篇关于Kubernetes:如何设置 VolumeMount 用户组和文件权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！