Azure Kubernetes 服务中 PVC 的读写权限问题
Read-Write permissions issue for PVC in Azure Kubernetes Service
目前我尝试在 Azure Kubernetes 服务上设置 Nextcloud 作为练习。基本上应用程序看起来 运行,但是在连接数据库之后,Nextcloud 以...
结尾
Please change the permissions of your storage to 0770 to prevent other people from accessing your data
我猜是因为我使用 azurefile 共享作为持久卷。我的 pvc 部署如下所示:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nextcloud-shared-storage-claim
labels:
app: nextcloud
spec:
accessModes:
- ReadWriteOnce
storageClassName: azurefile
resources:
requests:
storage: 5Gi
我已经研究过该主题并找到了实现 pods 和 securityContext 权限使用的方法。因为我才刚刚开始使用 Azure 上的 Kubernetes,所以我在将 nextcloud 的部署文件与应用权限的 pod 绑定时遇到了一些困难。
完成 post - 这是我使用的 Nextcloud 的部署文件
apiVersion: apps/v1
kind: Deployment
metadata:
name: nextcloud-server
labels:
app: nextcloud
spec:
replicas: 1
selector:
matchLabels:
pod-label: nextcloud-server-pod
template:
metadata:
labels:
pod-label: nextcloud-server-pod
spec:
containers:
- name: nextcloud
image: nextcloud:20-apache
volumeMounts:
- name: server-storage
mountPath: /var/www/html
subPath: server-data
volumes:
- name: server-storage
persistentVolumeClaim:
claimName: nextcloud-shared-storage-claim
---
apiVersion: v1
kind: Service
metadata:
name: nextcloud-server
labels:
app: nextcloud
spec:
selector:
pod-label: nextcloud-server-pod
ports:
- protocol: TCP
port: 80
我guess/hope这很简单。
将此答案作为社区 Wiki 发布,因为它可能对社区有所帮助。随意展开。
正如@Nick Graham 在评论中提到的那样
To modify the permissions on a mounted volume you’ll need to execute a script after the container starts up. Some images give you the option to copy scripts into a particular folder that are then executed at start up, check the docs to see if the image your using provides that functionality
很少.
另外根据这个comment你可以尝试在你的存储中指定这个权限class。
目前我尝试在 Azure Kubernetes 服务上设置 Nextcloud 作为练习。基本上应用程序看起来 运行,但是在连接数据库之后,Nextcloud 以...
结尾Please change the permissions of your storage to 0770 to prevent other people from accessing your data
我猜是因为我使用 azurefile 共享作为持久卷。我的 pvc 部署如下所示:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nextcloud-shared-storage-claim
labels:
app: nextcloud
spec:
accessModes:
- ReadWriteOnce
storageClassName: azurefile
resources:
requests:
storage: 5Gi
我已经研究过该主题并找到了实现 pods 和 securityContext 权限使用的方法。因为我才刚刚开始使用 Azure 上的 Kubernetes,所以我在将 nextcloud 的部署文件与应用权限的 pod 绑定时遇到了一些困难。
完成 post - 这是我使用的 Nextcloud 的部署文件
apiVersion: apps/v1
kind: Deployment
metadata:
name: nextcloud-server
labels:
app: nextcloud
spec:
replicas: 1
selector:
matchLabels:
pod-label: nextcloud-server-pod
template:
metadata:
labels:
pod-label: nextcloud-server-pod
spec:
containers:
- name: nextcloud
image: nextcloud:20-apache
volumeMounts:
- name: server-storage
mountPath: /var/www/html
subPath: server-data
volumes:
- name: server-storage
persistentVolumeClaim:
claimName: nextcloud-shared-storage-claim
---
apiVersion: v1
kind: Service
metadata:
name: nextcloud-server
labels:
app: nextcloud
spec:
selector:
pod-label: nextcloud-server-pod
ports:
- protocol: TCP
port: 80
我guess/hope这很简单。
将此答案作为社区 Wiki 发布,因为它可能对社区有所帮助。随意展开。
正如@Nick Graham 在评论中提到的那样
To modify the permissions on a mounted volume you’ll need to execute a script after the container starts up. Some images give you the option to copy scripts into a particular folder that are then executed at start up, check the docs to see if the image your using provides that functionality
很少
另外根据这个comment你可以尝试在你的存储中指定这个权限class。