NFS/hostPath mount as non-root in kubernetes
How can I mount NFS as the Alejandra (1001) user?
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: external-ns
  name: app1
  labels:
    app: app1
  annotations:
    pv.beta.kubernetes.io/gid: "1001"
spec:
  replicas: 1
  selector:
    matchLabels:
      app: app1
  template:
    metadata:
      labels:
        app: app1
    spec:
      securityContext:
        runAsUser: 1001
        runAsGroup: 1001
        fsGroup: 1001
      nodeSelector:
        node-role.kubernetes.io/worker: worker
      containers:
        - image: 192.168.1.1:5000/app1
          imagePullPolicy: Always
          name: app1
          volumeMounts:
            - mountPath: /app/var
              name: networkshared-fs-0
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: networkshared-fs-0
spec:
  capacity:
    storage: 80Gi
  accessModes:
    - ReadWriteMany
  mountOptions:
    - vers=4.0
  nfs:
    path: /var/lib/alejandra
    server: 192.168.1.2
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: alejandra-dashboard
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
When I do an ls, I get this:
kubectl exec -ti app1-XXX -- ls -al /var
total 12
drwxr-xr-x. 2 root root 4096 Jul 1 12:48 .
drwxr-xr-x. 1 alejandra alejandra 4096 Jul 2 11:20 ..
The NFS server does have this /etc/exports:
/var/lib/alejandra 10.0.0.13/32(rw,no_root_squash,no_subtree_check)
/var/lib/alejandra10.0.0.13/32(rw,no_root_squash,no_subtree_check)
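Thanks
Updated: the same happens with hostPath.
You need to use a provisioner for it, take a look; setting up NFS alone is not enough, you need to add a Role and RoleBinding, an SA, etc.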
https://github.com/kubernetes-sigs/nfs-ganesha-server-and-external-provisioner
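Added example (not part of the original question or answer): a small Python model of how an NFS server using the default AUTH_SYS security decides whether the pod's uid and gids may write to the export, fed with the export line, the ls ownership and the securityContext ids from the question. The function names are this example's own, and it assumes no ACLs or ID mapping are in use on the server.

```python
# Added example: models NFS AUTH_SYS (sec=sys) access checks. Assumes no ACLs.
NOBODY = 65534  # default anonuid/anongid per exports(5)

def parse_export(line):
    """Split an /etc/exports line into (path, [(client, {option: value})])."""
    path, *clients = line.split()
    parsed = []
    for client in clients:
        host, _, rest = client.partition("(")
        opts = {}
        for item in rest.rstrip(")").split(","):
            if item:
                key, _, value = item.partition("=")
                opts[key] = value
        parsed.append((host, opts))
    return path, parsed

def server_identity(uid, gids, opts):
    """Return the (uid, gids) the server uses after applying squash options."""
    anon_uid = int(opts.get("anonuid", NOBODY))
    anon_gid = int(opts.get("anongid", NOBODY))
    if "all_squash" in opts:
        return anon_uid, {anon_gid}
    if "no_root_squash" not in opts:  # root_squash is the default
        uid = anon_uid if uid == 0 else uid
        gids = {anon_gid if g == 0 else g for g in gids}
    return uid, set(gids)

def can_write(mode, owner, group, uid, gids):
    """POSIX write check against an `ls -l` mode string like 'drwxr-xr-x'."""
    if uid == 0:
        return True  # unsquashed root bypasses permission bits
    idx = 2 if uid == owner else 5 if group in gids else 8
    return mode[idx] == "w"

def pod_can_write(export_line, mode, owner, group, uid, gids):
    """Can a process with uid/gids write to the exported directory?"""
    _, clients = parse_export(export_line)
    if not clients:
        raise ValueError("export line has no client list")
    opts = clients[0][1]
    if "rw" not in opts:  # exports default to read-only
        return False
    eff_uid, eff_gids = server_identity(uid, gids, opts)
    return can_write(mode, owner, group, eff_uid, eff_gids)

# Values from the question: export line, ls output (root:root), pod 1001:1001.
EXPORT = "/var/lib/alejandra 10.0.0.13/32(rw,no_root_squash,no_subtree_check)"
print(pod_can_write(EXPORT, "drwxr-xr-x", 0, 0, 1001, {1001}))
```

With the question's values the model returns False, because uid 1001 falls into the "other" permission class of a root:root drwxr-xr-x directory; it returns True once the exported directory is owned by 1001 or is group-writable for gid 1001 on the server.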