How to overwrite file at a deployment time in kubernetes?
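I am trying to deploy the Diffusion image in Kubernetes, and I need to overwrite one of the Diffusion configuration files at deployment time. It is actually the SystemAuthentication.store file, which is in /opt/Diffusion6.0.3_01/etc/ with default credentials. I am storing the new file in a secret and mounting it in etc/test/, as can be seen in the deployment file below.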
    template:
      metadata:
        labels:
          run: diffusion
      spec:
        serviceAccountName: diffusion-role
        volumes:
        - name: diffusion-secrets
          secret:
            secretName: diffusion-license
        - name: ssl-cert
          secret:
            secretName: ssl-certificate
        - name: system-authentication
          secret:
            secretName: system-authentication-store
        containers:
        - image: pushtechnology/diffusion:6.0.3
          imagePullPolicy: IfNotPresent
          name: diffusion
          ports:
          - containerPort: 8080
            protocol: TCP
          - containerPort: 8443
            protocol: TCP
          volumeMounts:
          - name: diffusion-secrets
            mountPath: /etc/diffusion-secrets
            readOnly: true
          - name: ssl-cert
            mountPath: /etc/test/
            readOnly: true
          - name: system-authentication
            mountPath: /etc/test/
          command: [ "/bin/sh", "-c", "cp etc/test/SystemAuthentication.store /opt/DIffusion6.0.3_01" ]
When I deploy this image, the pods fail:
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 2m default-scheduler Successfully assigned diffusion-db6d6df7b-f5tp4 to timmy.pushtechnology.com
Normal SuccessfulMountVolume 2m kubelet, timmy.pushtechnology.com MountVolume.SetUp succeeded for volume "diffusion-role-token-n59ds"
Normal SuccessfulMountVolume 2m kubelet, timmy.pushtechnology.com MountVolume.SetUp succeeded for volume "ssl-cert"
Normal SuccessfulMountVolume 2m kubelet, timmy.pushtechnology.com MountVolume.SetUp succeeded for volume "system-authentication"
Normal SuccessfulMountVolume 2m kubelet, timmy.pushtechnology.com MountVolume.SetUp succeeded for volume "diffusion-secrets"
Normal Killing 1m (x2 over 1m) kubelet, timmy.pushtechnology.com Killing container with id docker://diffusion:FailedPostStartHook
Warning BackOff 1m (x2 over 1m) kubelet, timmy.pushtechnology.com Back-off restarting failed container
Normal Pulled 1m (x3 over 2m) kubelet, timmy.pushtechnology.com Container image "pushtechnology/diffusion:6.0.3" already present on machine
Normal Created 1m (x3 over 1m) kubelet, timmy.pushtechnology.com Created container
Normal Started 1m (x3 over 1m) kubelet, timmy.pushtechnology.com Started container
Warning FailedPostStartHook 1m (x3 over 1m) kubelet, timmy.pushtechnology.com
Warning FailedSync 1m (x5 over 1m) kubelet, timmy.pushtechnology.com Error syncing pod
I have also tried the workaround described here: https://github.com/kubernetes/kubernetes/issues/19764#issuecomment-269879587
The result was the same.
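
You overwrote the container command with cp etc/test/SystemAuthentication.store /opt/DIffusion6.0.3_01, which is a command that exits once it completes. Kubernetes considers this a failure.
You need to replace it with something like cp etc/test/SystemAuthentication.store /opt/DIffusion6.0.3_01 && /path/to/original/binary, where the last command is the one the image starts when the command is not overwritten. That depends on your image.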
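
I think @svenwtl might be right, but the Dockerfile of the image I am using has some complex structure that I don't know how to use in the deployment file.
The fix that worked for me (after a long try/fail cycle) was to actually use a container lifecycle hook: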
    volumeMounts:
    - name: diffusion-secrets
      mountPath: /etc/diffusion-secrets
      readOnly: true
    - name: ssl-cert
      mountPath: /etc/test/
      readOnly: true
    - name: system-authentication
      mountPath: /etc/test1/
    lifecycle:
      postStart:
        exec:
          command: [ "/bin/sh", "-c", "cp -f /etc/test1/SystemAuthentication.store /opt/Diffusion6.0.3_01/etc/" ]
I have also mounted SystemAuthentication in a different folder, /etc/test1, but I don't think that was part of the fix.
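
Kubernetes does not guarantee that a postStart hook runs before the container's ENTRYPOINT, so with the hook above the server can start while the default-credential store is still in place. The fragment below is an added example, not part of the original posts: it mounts the Secret key directly over the file with subPath, so the replacement is present before the process starts. It assumes the Secret's key is named SystemAuthentication.store and that the server only reads this file at runtime.

```yaml
# Added example (not from the original posts).
# Assumptions: the Secret "system-authentication-store" has a key named
# SystemAuthentication.store, and the server never writes to this file
# (a Secret mounted with readOnly cannot be modified by the container).
# The other volumes and mounts from the question are omitted for brevity.
spec:
  template:
    metadata:
      labels:
        run: diffusion
    spec:
      serviceAccountName: diffusion-role
      volumes:
      - name: system-authentication
        secret:
          secretName: system-authentication-store
      containers:
      - name: diffusion
        image: pushtechnology/diffusion:6.0.3
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 8080
          protocol: TCP
        - containerPort: 8443
          protocol: TCP
        volumeMounts:
        - name: system-authentication
          # subPath mounts one key as a single file, so the rest of the
          # image's etc/ directory stays visible.
          mountPath: /opt/Diffusion6.0.3_01/etc/SystemAuthentication.store
          subPath: SystemAuthentication.store
          readOnly: true
        # No command override and no postStart hook: the image's own
        # ENTRYPOINT runs unchanged and finds the replaced file at startup.
```

A subPath mount does not pick up later changes to the Secret, so rotating the credentials requires restarting the pod.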