无法将 visual studio 代码(远程)附加到 WordPress Bitnami helm release pod (Kubernetes)
Cannot attach visual studio code (remote) to WordPress Bitnami helm release pod (Kubernetes)
尝试将 visual studio 代码附加到 WordPress pod(使用 kubernetes 扩展)时得到以下信息:
An error occurred attaching to the container
终端中显示以下内容:
[3 ms] Remote-Containers 0.166.0 in VS Code 1.55.0 (c185983a683d14c396952dd432459097bc7f757f).
[48 ms] Start: Resolving Remote
[51 ms] Start: Run: kubectl exec -it wp-test-2-wordpress-65859bfc97-qtr9w --namespace default --container wordpress -- /bin/sh -c VSCODE_REMOTE_CONTAINERS_SESSION='5875030e-bcef-47a6-ada5-7f69edb5d9091617678415893' /bin/sh
[56 ms] Start: Run in container: id -un
[279 ms] 1001
[279 ms] Unable to use a TTY - input is not a terminal or the right kind of file
id: cannot find name for user ID 1001
[279 ms] Exit code 1
[281 ms] Command in container failed: id -un
我在任何其他 helm 版本上执行完全相同的操作都没有这样的问题。仅限 Bitnami WordPress helm 版本。
这是因为 Bitnami WordPress 映像(版本 9.0.0)已迁移到“非 root”用户方法。从现在开始,容器和 Apache 守护进程 运行 作为用户 1001.
您可以在 Bitnami WordPress documentation 中找到更多信息:
The Bitnami WordPress image was migrated to a "non-root" user approach. Previously the container ran as the root user and the Apache daemon was started as the daemon user. From now on, both the container and the Apache daemon run as user 1001. You can revert this behavior by setting the parameters securityContext.runAsUser, and securityContext.fsGroup to 0. Chart labels and Ingress configuration were also adapted to follow the Helm charts best practices.
出现此问题是因为 运行在 WordPress Pod 中使用 id -un 命令导致错误:
$ kubectl exec -it my-1-wordpress-756c595c9c-497xr -- bash
I have no name!@my-1-wordpress-756c595c9c-497xr:/$ id -un
id: cannot find name for user ID 1001
作为解决方法,您可以通过设置参数 securityContext.runAsUser 和 securityContext.fsGroup 到 0 来 运行 WordPress 作为 root,如Bitnami WordPress documentation.
出于演示目的,我只更改了containerSecurityContext.runAsUser参数:
$ helm install --set containerSecurityContext.runAsUser=0 my-1 bitnami/wordpress
然后我们可以检查id -un命令的输出:
$ kubectl exec -it my-1-wordpress-7c44f695ff-f9j9f -- bash
root@my-1-wordpress-7c44f695ff-f9j9f:/# id -un
root
如您所见,id -un 命令不会导致任何问题,因此我们现在可以成功连接到特定容器。
我知道这种解决方法并不理想,因为使用非根容器有很多优点。
不幸的是,在这种情况下,如果不修改 Dockerfile,我不知道有任何其他解决方法。
尝试将 visual studio 代码附加到 WordPress pod(使用 kubernetes 扩展)时得到以下信息:
An error occurred attaching to the container
终端中显示以下内容:
[3 ms] Remote-Containers 0.166.0 in VS Code 1.55.0 (c185983a683d14c396952dd432459097bc7f757f).
[48 ms] Start: Resolving Remote
[51 ms] Start: Run: kubectl exec -it wp-test-2-wordpress-65859bfc97-qtr9w --namespace default --container wordpress -- /bin/sh -c VSCODE_REMOTE_CONTAINERS_SESSION='5875030e-bcef-47a6-ada5-7f69edb5d9091617678415893' /bin/sh
[56 ms] Start: Run in container: id -un
[279 ms] 1001
[279 ms] Unable to use a TTY - input is not a terminal or the right kind of file
id: cannot find name for user ID 1001
[279 ms] Exit code 1
[281 ms] Command in container failed: id -un
我在任何其他 helm 版本上执行完全相同的操作都没有这样的问题。仅限 Bitnami WordPress helm 版本。
这是因为 Bitnami WordPress 映像(版本 9.0.0)已迁移到“非 root”用户方法。从现在开始,容器和 Apache 守护进程 运行 作为用户 1001.
您可以在 Bitnami WordPress documentation 中找到更多信息:
The Bitnami WordPress image was migrated to a "non-root" user approach. Previously the container ran as the root user and the Apache daemon was started as the daemon user. From now on, both the container and the Apache daemon run as user 1001. You can revert this behavior by setting the parameters securityContext.runAsUser, and securityContext.fsGroup to 0. Chart labels and Ingress configuration were also adapted to follow the Helm charts best practices.
出现此问题是因为 运行在 WordPress Pod 中使用 id -un 命令导致错误:
$ kubectl exec -it my-1-wordpress-756c595c9c-497xr -- bash
I have no name!@my-1-wordpress-756c595c9c-497xr:/$ id -un
id: cannot find name for user ID 1001
作为解决方法,您可以通过设置参数 securityContext.runAsUser 和 securityContext.fsGroup 到 0 来 运行 WordPress 作为 root,如Bitnami WordPress documentation.
出于演示目的,我只更改了containerSecurityContext.runAsUser参数:
$ helm install --set containerSecurityContext.runAsUser=0 my-1 bitnami/wordpress
然后我们可以检查id -un命令的输出:
$ kubectl exec -it my-1-wordpress-7c44f695ff-f9j9f -- bash
root@my-1-wordpress-7c44f695ff-f9j9f:/# id -un
root
如您所见,id -un 命令不会导致任何问题,因此我们现在可以成功连接到特定容器。
我知道这种解决方法并不理想,因为使用非根容器有很多优点。 不幸的是,在这种情况下,如果不修改 Dockerfile,我不知道有任何其他解决方法。