kubernetes:使用 valueFrom 在环境变量中使用 runAsUser 的值?
kubernetes: using value of runAsUser in an environment variable using valueFrom?
我有一个 kubernetes 部署,它启动了一个 pod,在其 securityContext 中包含一个 runAsUser 键。我希望我可以使用 valueFrom 将此值保留在 initContainer 的环境中,如下所示:
apiVersion: apps/v1
kind: Deployment
metadata:
name: testdeployment
spec:
template:
spec:
containers:
- name: myservice
image: myimage
securityContext:
runAsUser: 1000
initContainers:
- name: initialize_things
image: myimage
env:
- name: CONTAINER_UID
valueFrom:
fieldRef:
fieldPath: spec.containers[0].securityContext.runAsUser
这似乎行不通:
The Deployment "testdeployment" is invalid: spec.template.spec.initContainers[0].env[0].valueFrom.fieldRef.fieldPath: Invalid value: "spec.containers[0].securityContext.runAsUser": error converting fieldPath: field label not supported: spec.containers[0].securityContext.runAsUser
有什么方法可以让它工作吗?我正在尝试减少对 UID 进行硬编码的地方的数量。
我认为你无法完成这项工作,因为 The downward API 不支持 spec.containers[0].securityContext.runAsUser 作为字段。
顺便说一句,在你的情况下更合乎逻辑的是放置完整路径,我的意思是 spec.template.spec.containers[0].securityContext.runAsUser,但无论如何,它不会有帮助
根据 Capabilities of the Downward API - 您只能使用几个字段
Information available via fieldRef:
metadata.name
metadata.namespace
metadata.uid
metadata.labels['<KEY>']
metadata.annotations['<KEY>']
In addition, the following information is available through downwardAPI volume fieldRef:
metadata.labels
metadata.annotations
The following information is available through environment variables:
status.podIP
spec.serviceAccountName
spec.nodeName
status.hostIP
您可以在 github 上找到非常相似的问题已关闭:how to get imageID in container
我有一个 kubernetes 部署,它启动了一个 pod,在其 securityContext 中包含一个 runAsUser 键。我希望我可以使用 valueFrom 将此值保留在 initContainer 的环境中,如下所示:
apiVersion: apps/v1
kind: Deployment
metadata:
name: testdeployment
spec:
template:
spec:
containers:
- name: myservice
image: myimage
securityContext:
runAsUser: 1000
initContainers:
- name: initialize_things
image: myimage
env:
- name: CONTAINER_UID
valueFrom:
fieldRef:
fieldPath: spec.containers[0].securityContext.runAsUser
这似乎行不通:
The Deployment "testdeployment" is invalid: spec.template.spec.initContainers[0].env[0].valueFrom.fieldRef.fieldPath: Invalid value: "spec.containers[0].securityContext.runAsUser": error converting fieldPath: field label not supported: spec.containers[0].securityContext.runAsUser
有什么方法可以让它工作吗?我正在尝试减少对 UID 进行硬编码的地方的数量。
我认为你无法完成这项工作,因为 The downward API 不支持 spec.containers[0].securityContext.runAsUser 作为字段。
顺便说一句,在你的情况下更合乎逻辑的是放置完整路径,我的意思是 spec.template.spec.containers[0].securityContext.runAsUser,但无论如何,它不会有帮助
根据 Capabilities of the Downward API - 您只能使用几个字段
Information available via fieldRef:
metadata.name
metadata.namespace
metadata.uid
metadata.labels['<KEY>']
metadata.annotations['<KEY>']
In addition, the following information is available through downwardAPI volume fieldRef:
metadata.labels
metadata.annotations
The following information is available through environment variables:
status.podIP
spec.serviceAccountName
spec.nodeName
status.hostIP
您可以在 github 上找到非常相似的问题已关闭:how to get imageID in container