chown:更改“/data/db"的所有权:不允许操作 [英] chown: changing ownership of '/data/db': Operation not permitted

问题描述

能否使用nfs volume plugin来维护kubernetes集群间的高可用和容灾?

Can we use nfs volume plugin to maintain the High Availability and Disaster Recovery among the kubernetes cluster?

我正在使用 MongoDB 运行 pod.获取错误

I am running the pod with MongoDB. Getting the error

chown:更改/data/db"的所有权:不允许操作.

chown: changing ownership of '/data/db': Operation not permitted .

云任何机构，请建议我如何解决错误?(或)

Cloud any body, Please suggest me how to resolve the error? (or)

是否有任何替代的卷插件可以在 kubernetes 集群中实现 HA-DR?

Is any alternative volume plugin is suggestible to achieve HA- DR in kubernetes cluster?

推荐答案

chown:更改/data/db"的所有权:不允许操作.

chown: changing ownership of '/data/db': Operation not permitted .

您需要以 root 身份启动 mongo 容器，以便您可以 chown 目录，或者如果图像禁止它(因为一些图像已经有一个 USER mongo 子句，禁止容器将权限提升回 root)，然后两件事之一:用 <containers: 中的 code>securityContext 节或使用 initContainer: 抢先将目标文件夹更改为 mongo UID:

You'll want to either launch the mongo container as root, so that you can chown the directory, or if the image prohibits it (as some images already have a USER mongo clause that prohibits the container from escalating privileges back up to root), then one of two things: supersede the user with a securityContext stanza in containers: or use an initContainer: to preemptively change the target folder to be the mongo UID:

方法一:

containers:
- name: mongo
  image: mongo:something
  securityContext:
    runAsUser: 0

(这可能需要更改集群的配置以允许此类内容出现在 PodSpec 中)

方法#2(这是我用于 Elasticsearch 图像的方法):

Approach #2 (which is the one I use with Elasticsearch images):

initContainers:
- name: chmod-er
  image: busybox:latest
  command:
  - /bin/chown
  - -R
  - "1000"  # or whatever the mongo UID is, use string "1000" not 1000 due to yaml
  - /data/db
  volumeMounts:
  - name: mongo-data  # or whatever
    mountPath: /data/db
containers:
- name: mongo  # then run your container as before

这篇关于chown:更改“/data/db"的所有权:不允许操作的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！