PgAdmin 的 Kubernetes 持久卷挂载
Kubernetes persistent volume mount for PgAdmin
我正在尝试为我的 pgadmin 部署创建持久卷声明,以便在每次从 CD 管道部署后推出更新时,我可以保留我的设置、服务器等。
在我的日志中出现以下错误:
...
[2020-10-05 00:54:56 +0000] [91] [INFO] Worker exiting (pid: 91)
WARNING: Failed to set ACL on the directory containing the configuration database:
[Errno 1] Operation not permitted: '/var/lib/pgadmin'
HINT : You may need to manually set the permissions on
/var/lib/pgadmin to allow pgadmin to write to it.
ERROR : Failed to create the directory /var/lib/pgadmin/sessions:
[Errno 13] Permission denied: '/var/lib/pgadmin/sessions'
HINT : Create the directory /var/lib/pgadmin/sessions, ensure it is writeable by
'pgadmin', and try again, or, create a config_local.py file
and override the SESSION_DB_PATH setting per
https://www.pgadmin.org/docs/pgadmin4/4.26/config_py.html
只是一堆写入权限失败:
PGAdmin 部署
apiVersion: apps/v1
kind: Deployment
metadata:
name: pgadmin
spec:
selector:
matchLabels:
app: pgadmin
replicas: 1
template:
metadata:
labels:
app: pgadmin
spec:
containers:
- name: pgadmin4
image: dpage/pgadmin4
volumeMounts:
- mountPath: /var/lib/pgadmin
name: pgadminstorage
env:
- name: PGADMIN_DEFAULT_EMAIL
valueFrom:
secretKeyRef:
name: un
key: un
- name: PGADMIN_DEFAULT_PASSWORD
valueFrom:
secretKeyRef:
name: pw
key: pw
- name: PGADMIN_PORT
value: "80"
ports:
- containerPort: 80
name: pgadminport
volumes:
- name: pgadminstorage
persistentVolumeClaim:
claimName: pgadmin-persistent-volume-claims-cfg
数量
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: pgadmin-persistent-volume-claims-cfg
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
我可能在这里遗漏了什么?
更新:
这可能是 digitalocean 特有的问题,无法设置权限。 PVC 会将 perms 设置为 root,但以 pgadmin 身份写入会导致启动时出现问题将此添加到我的 pgadmin 部署中修复了所有问题
initContainers:
- name: pgadmin-data-permission-fix
image: busybox
command: ["/bin/chown", "-R", "5050:5050", "/var/lib/pgadmin"]
volumeMounts:
- name: pgadminstorage
mountPath: /var/lib/pgadmin
您也可以对目录进行 chmod 递归,也可以。
我已经复制了你的问题。根本原因是 问题,而不是 Kubernetes。 Pods 将毫无问题地部署。您将收到错误消息,因为容器将无法在文件夹 /var/lib 中创建文件夹。如果您将检查 pgadmin pod 日志 - kubectl logs <pgadmin-pod> 您将看到如下错误:
$ kubectl logs pgadmin-d569b67fd-8rnkc
WARNING: Failed to set ACL on the directory containing the configuration database:
[Errno 1] Operation not permitted: '/var/lib/pgadmin'
HINT : You may need to manually set the permissions on
/var/lib/pgadmin to allow pgadmin to write to it.
ERROR : Failed to create the directory /var/lib/pgadmin/sessions:
[Errno 13] Permission denied: '/var/lib/pgadmin/sessions'
HINT : Create the directory /var/lib/pgadmin/sessions, ensure it is writeable by
'pgadmin', and try again, or, create a config_local.py file
and override the SESSION_DB_PATH setting per
https://www.pgadmin.org/docs/pgadmin4/4.26/config_py.html
sudo: setrlimit(RLIMIT_CORE): Operation not permitted
如果您检查 /var/lib/ 文件夹权限,您会发现您只能 Read 和 Execute,因此您将无法在此文件夹中创建任何内容(如默认情况下,您将以 pgadmin 用户身份登录。
drwxr-xr-x 1 root root 4096 Sep 5 14:01 lib
根据您的需要,您可以通过几种方式解决它。作为最快的解决方法,您只需更改允许 Write 的文件夹路径,例如 tmp.
drwxrwxrwt 1 root root 4096 Oct 5 14:28 tmp
在 YAML 中看起来像:
containers:
- name: pgadmin4
image: dpage/pgadmin4
volumeMounts:
- mountPath: /var/tmp/pgadmin
name: pgadminstorage
当您检查日志时,不会有任何问题。
$ kubectl logs pgadmin-6bb74cffb8-6q9tr
NOTE: Configuring authentication for SERVER mode.
sudo: setrlimit(RLIMIT_CORE): Operation not permitted
[2020-10-05 14:28:15 +0000] [1] [INFO] Starting gunicorn 19.9.0
[2020-10-05 14:28:15 +0000] [1] [INFO] Listening at: http://[::]:80 (1)
[2020-10-05 14:28:15 +0000] [1] [INFO] Using worker: threads
/usr/local/lib/python3.8/os.py:1023: RuntimeWarning: line buffering (buffering=1) isn't supported in binary mode, the default buffer size will be used
return io.open(fd, *args, **kwargs)
[2020-10-05 14:28:15 +0000] [89] [INFO] Booting worker with pid: 89
user@cloudshell:~/pgadmin (project)$
关于 PgAdmin 权限问题,Whosebug 或 Github 上已经有一些主题,例如:
pgadmin exit code 3 PermissionError: [Errno 13] Permission denied: '/var/lib/pgadmin/sessions'
[stable/pgadmin] files in /var/lib/pgadmin/sessions crash the pod
总之,您可以尝试手动更改权限或使用特定用户。
此外,如果您使用的是云环境,您可以考虑使用CloudSQL,而不是尝试将数据库放到云端。例如PostgreSQL with GKE
编辑
根据此答案下方的@Ryan 评论,您还可以使用 Init Containers 更改 /var/lib/ 权限。每个 init container 必须在下一个启动之前成功完成,并且它在 pod.
中的应用程序容器之前运行
specialized containers that run before app containers in a Pod. Init containers can contain utilities or setup scripts not present in an app image.
我正在尝试为我的 pgadmin 部署创建持久卷声明,以便在每次从 CD 管道部署后推出更新时,我可以保留我的设置、服务器等。
在我的日志中出现以下错误:
...
[2020-10-05 00:54:56 +0000] [91] [INFO] Worker exiting (pid: 91)
WARNING: Failed to set ACL on the directory containing the configuration database:
[Errno 1] Operation not permitted: '/var/lib/pgadmin'
HINT : You may need to manually set the permissions on
/var/lib/pgadmin to allow pgadmin to write to it.
ERROR : Failed to create the directory /var/lib/pgadmin/sessions:
[Errno 13] Permission denied: '/var/lib/pgadmin/sessions'
HINT : Create the directory /var/lib/pgadmin/sessions, ensure it is writeable by
'pgadmin', and try again, or, create a config_local.py file
and override the SESSION_DB_PATH setting per
https://www.pgadmin.org/docs/pgadmin4/4.26/config_py.html
只是一堆写入权限失败:
PGAdmin 部署
apiVersion: apps/v1
kind: Deployment
metadata:
name: pgadmin
spec:
selector:
matchLabels:
app: pgadmin
replicas: 1
template:
metadata:
labels:
app: pgadmin
spec:
containers:
- name: pgadmin4
image: dpage/pgadmin4
volumeMounts:
- mountPath: /var/lib/pgadmin
name: pgadminstorage
env:
- name: PGADMIN_DEFAULT_EMAIL
valueFrom:
secretKeyRef:
name: un
key: un
- name: PGADMIN_DEFAULT_PASSWORD
valueFrom:
secretKeyRef:
name: pw
key: pw
- name: PGADMIN_PORT
value: "80"
ports:
- containerPort: 80
name: pgadminport
volumes:
- name: pgadminstorage
persistentVolumeClaim:
claimName: pgadmin-persistent-volume-claims-cfg
数量
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: pgadmin-persistent-volume-claims-cfg
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
我可能在这里遗漏了什么?
更新:
这可能是 digitalocean 特有的问题,无法设置权限。 PVC 会将 perms 设置为 root,但以 pgadmin 身份写入会导致启动时出现问题将此添加到我的 pgadmin 部署中修复了所有问题
initContainers:
- name: pgadmin-data-permission-fix
image: busybox
command: ["/bin/chown", "-R", "5050:5050", "/var/lib/pgadmin"]
volumeMounts:
- name: pgadminstorage
mountPath: /var/lib/pgadmin
您也可以对目录进行 chmod 递归,也可以。
我已经复制了你的问题。根本原因是 /var/lib 中创建文件夹。如果您将检查 pgadmin pod 日志 - kubectl logs <pgadmin-pod> 您将看到如下错误:
$ kubectl logs pgadmin-d569b67fd-8rnkc
WARNING: Failed to set ACL on the directory containing the configuration database:
[Errno 1] Operation not permitted: '/var/lib/pgadmin'
HINT : You may need to manually set the permissions on
/var/lib/pgadmin to allow pgadmin to write to it.
ERROR : Failed to create the directory /var/lib/pgadmin/sessions:
[Errno 13] Permission denied: '/var/lib/pgadmin/sessions'
HINT : Create the directory /var/lib/pgadmin/sessions, ensure it is writeable by
'pgadmin', and try again, or, create a config_local.py file
and override the SESSION_DB_PATH setting per
https://www.pgadmin.org/docs/pgadmin4/4.26/config_py.html
sudo: setrlimit(RLIMIT_CORE): Operation not permitted
如果您检查 /var/lib/ 文件夹权限,您会发现您只能 Read 和 Execute,因此您将无法在此文件夹中创建任何内容(如默认情况下,您将以 pgadmin 用户身份登录。
drwxr-xr-x 1 root root 4096 Sep 5 14:01 lib
根据您的需要,您可以通过几种方式解决它。作为最快的解决方法,您只需更改允许 Write 的文件夹路径,例如 tmp.
drwxrwxrwt 1 root root 4096 Oct 5 14:28 tmp
在 YAML 中看起来像:
containers:
- name: pgadmin4
image: dpage/pgadmin4
volumeMounts:
- mountPath: /var/tmp/pgadmin
name: pgadminstorage
当您检查日志时,不会有任何问题。
$ kubectl logs pgadmin-6bb74cffb8-6q9tr
NOTE: Configuring authentication for SERVER mode.
sudo: setrlimit(RLIMIT_CORE): Operation not permitted
[2020-10-05 14:28:15 +0000] [1] [INFO] Starting gunicorn 19.9.0
[2020-10-05 14:28:15 +0000] [1] [INFO] Listening at: http://[::]:80 (1)
[2020-10-05 14:28:15 +0000] [1] [INFO] Using worker: threads
/usr/local/lib/python3.8/os.py:1023: RuntimeWarning: line buffering (buffering=1) isn't supported in binary mode, the default buffer size will be used
return io.open(fd, *args, **kwargs)
[2020-10-05 14:28:15 +0000] [89] [INFO] Booting worker with pid: 89
user@cloudshell:~/pgadmin (project)$
关于 PgAdmin 权限问题,Whosebug 或 Github 上已经有一些主题,例如:
pgadmin exit code 3 PermissionError: [Errno 13] Permission denied: '/var/lib/pgadmin/sessions'
[stable/pgadmin] files in /var/lib/pgadmin/sessions crash the pod
总之,您可以尝试手动更改权限或使用特定用户。
此外,如果您使用的是云环境,您可以考虑使用CloudSQL,而不是尝试将数据库放到云端。例如PostgreSQL with GKE
编辑
根据此答案下方的@Ryan 评论,您还可以使用 Init Containers 更改 /var/lib/ 权限。每个 init container 必须在下一个启动之前成功完成,并且它在 pod.
specialized containers that run before app containers in a Pod. Init containers can contain utilities or setup scripts not present in an app image.