尝试 copy/mount 文件到 AWX kubernetes pod 但出现错误
Trying to copy/mount file to AWX kubernetes pod but getting error
我正在尝试将文件添加到 kubernetes 中 AWX task/web 容器的 /etc/ 目录中。我对掌舵还很陌生,我不确定自己做错了什么。
我添加到我的 helm chart 的唯一东西是 configmap 中的 krb5 键和一个额外的卷和卷挂载到任务和 web 容器。 krb5.conf 文件位于 charts/mychart/files/
配置图:
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "awx.fullname" . }}-application-config
labels:
app.kubernetes.io/name: {{ include "awx.name" . }}
helm.sh/chart: {{ include "awx.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
data:
krb5: |-
{{ .Files.Get "krb5.conf"}}
secret_key: {{ .Values.awx_secret_key }}
awx_settings: |
*some stuff*
部署:
数量添加到 deployment.yaml
的底部
volumes:
- name: {{ include "awx.fullname" . }}-application-config
configMap:
name: {{ include "awx.fullname" . }}-application-config
items:
- key: awx_settings
path: settings.py
- key: secret_key
path: SECRET_KEY
- name: {{ include "awx.fullname" . }}-application-config-krb5
configMap:
name: {{ include "awx.fullname" . }}-application-config
items:
- key: krb5
path: krb5.conf
卷装载添加到两个 task/web 容器
volumeMounts:
- mountPath: /etc/tower
name: {{ include "awx.fullname" . }}-application-config
- mountPath: /etc
name: {{ include "awx.fullname" . }}-application-config-krb5
我正在尝试将文件挂载到 kubernetes pod 中的容器,但出现以下错误:
Warning Failed 40s kubelet, aks-prdnode-18232119-1 Error: failed to start container "web": Error response from daemon: OCI runtime create failed: container_linux.go:344: starting container process caused "process_linux.go:424: container init caused \"rootfs_linux.go:58: mounting \\"/var/lib/docker/containers/d66044fe204abbf9a4d3772370d0f8d4184e339e59ad9a018f046eade03b8418/resolv.conf\\" to rootfs \\"/var/lib/docker/overlay2/d9fa9705d70bbb864ed526a96f6a2873b2720c41a9f9ef5b4a428902e4cf3c82/merged\\" at \\"/var/lib/docker/overlay2/d9fa9705d70bbb864ed526a96f6a2873b2720c41a9f9ef5b4a428902e4cf3c82/merged/etc/resolv.conf\\" caused \\"open /var/lib/docker/overlay2/d9fa9705d70bbb864ed526a96f6a2873b2720c41a9f9ef5b4a428902e4cf3c82/merged/etc/resolv.conf: read-only file system\\"\"": unknown
您需要对 "reach into" 使用 subPath: 选项 -application-config-krb5 并只装载一个文件:
- mountPath: /etc/krb5.conf
name: {{ include "awx.fullname" . }}-application-config-krb5
subPath: krb5.conf
因为,正如错误正确指出的那样,您肯定不想吹走几乎 任何 容器环境的 /etc 目录(它会nuke /etc/passwd、/etc/hosts、resolv.conf 和无数其他重要文件)
我正在尝试将文件添加到 kubernetes 中 AWX task/web 容器的 /etc/ 目录中。我对掌舵还很陌生,我不确定自己做错了什么。
我添加到我的 helm chart 的唯一东西是 configmap 中的 krb5 键和一个额外的卷和卷挂载到任务和 web 容器。 krb5.conf 文件位于 charts/mychart/files/
配置图:
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "awx.fullname" . }}-application-config
labels:
app.kubernetes.io/name: {{ include "awx.name" . }}
helm.sh/chart: {{ include "awx.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
data:
krb5: |-
{{ .Files.Get "krb5.conf"}}
secret_key: {{ .Values.awx_secret_key }}
awx_settings: |
*some stuff*
部署:
数量添加到 deployment.yaml
的底部volumes:
- name: {{ include "awx.fullname" . }}-application-config
configMap:
name: {{ include "awx.fullname" . }}-application-config
items:
- key: awx_settings
path: settings.py
- key: secret_key
path: SECRET_KEY
- name: {{ include "awx.fullname" . }}-application-config-krb5
configMap:
name: {{ include "awx.fullname" . }}-application-config
items:
- key: krb5
path: krb5.conf
卷装载添加到两个 task/web 容器
volumeMounts:
- mountPath: /etc/tower
name: {{ include "awx.fullname" . }}-application-config
- mountPath: /etc
name: {{ include "awx.fullname" . }}-application-config-krb5
我正在尝试将文件挂载到 kubernetes pod 中的容器,但出现以下错误:
Warning Failed 40s kubelet, aks-prdnode-18232119-1 Error: failed to start container "web": Error response from daemon: OCI runtime create failed: container_linux.go:344: starting container process caused "process_linux.go:424: container init caused \"rootfs_linux.go:58: mounting \\"/var/lib/docker/containers/d66044fe204abbf9a4d3772370d0f8d4184e339e59ad9a018f046eade03b8418/resolv.conf\\" to rootfs \\"/var/lib/docker/overlay2/d9fa9705d70bbb864ed526a96f6a2873b2720c41a9f9ef5b4a428902e4cf3c82/merged\\" at \\"/var/lib/docker/overlay2/d9fa9705d70bbb864ed526a96f6a2873b2720c41a9f9ef5b4a428902e4cf3c82/merged/etc/resolv.conf\\" caused \\"open /var/lib/docker/overlay2/d9fa9705d70bbb864ed526a96f6a2873b2720c41a9f9ef5b4a428902e4cf3c82/merged/etc/resolv.conf: read-only file system\\"\"": unknown
您需要对 "reach into" 使用 subPath: 选项 -application-config-krb5 并只装载一个文件:
- mountPath: /etc/krb5.conf
name: {{ include "awx.fullname" . }}-application-config-krb5
subPath: krb5.conf
因为,正如错误正确指出的那样,您肯定不想吹走几乎 任何 容器环境的 /etc 目录(它会nuke /etc/passwd、/etc/hosts、resolv.conf 和无数其他重要文件)