k8s Deployment reports pe when mounting volumes

2022-04-06  awker

For example, when deploying alertmanager with a volume mounted, the container fails with:

level=error msg="Unable to create data directory" err="mkdir /etc/alertmanager/data: permission denied"

The example alertmanager-deploy.yaml is as follows:

# cat alertmanager-deploy.yaml 
apiVersion: apps/v1
kind: Deployment
metadata:
  name: alertmanager
  namespace: monitoring
spec:
  replicas: 1
  selector:
    matchLabels:
      app: alertmanager
  template:
    metadata:
      name: alertmanager
      labels:
        app: alertmanager
    spec:
      containers:
      - name: alertmanager
        image: prom/alertmanager:v0.24.0
        args:
          - "--config.file=/etc/alertmanager/config.yml"
          - "--storage.path=/etc/alertmanager/data"
          - "--web.listen-address=:9093"
        ports:
        - name: alertmanager
          containerPort: 9093
        resources:
            requests:
              cpu: 500m
              memory: 500M
            limits:
              cpu: 1
              memory: 1Gi
        volumeMounts:
        - name: alertmanager-nas-pvc
          mountPath: /etc/alertmanager
          subPath: alertmanager
      volumes:
      - name: alertmanager-nas-pvc
        persistentVolumeClaim:
          claimName: alertmanager-nas-pvc

Solution:
Use an initContainer to change the ownership of the directory to the UID the container process runs as.

Step 1: find the UID the container runs as (substitute the image that applies in your case):

# docker run --name alertmanager -d  prom/alertmanager:v0.24.0 
# docker exec -it alertmanager id
uid=65534(nobody) gid=65534(nobody)

This shows that the container runs as UID 65534.

Step 2: add an initContainer that sets the directory ownership to that UID:

# cat alertmanager-deploy.yaml 
apiVersion: apps/v1
kind: Deployment
metadata:
  name: alertmanager
  namespace: monitoring
spec:
  replicas: 1
  selector:
    matchLabels:
      app: alertmanager
  template:
    metadata:
      name: alertmanager
      labels:
        app: alertmanager
    spec:
      containers:
      - name: alertmanager
        image: prom/alertmanager:v0.24.0
        args:
          - "--config.file=/etc/alertmanager/config.yml"
          - "--storage.path=/etc/alertmanager/data"
          - "--web.listen-address=:9093"
        ports:
        - name: alertmanager
          containerPort: 9093
        resources:
            requests:
              cpu: 500m
              memory: 500M
            limits:
              cpu: 1
              memory: 1Gi
        volumeMounts:
        - name: alertmanager-nas-pvc
          mountPath: /etc/alertmanager
          subPath: alertmanager
      volumes:
      - name: alertmanager-nas-pvc
        persistentVolumeClaim:
          claimName: alertmanager-nas-pvc
      # Added initContainers section: changes ownership of /etc/alertmanager to 65534:65534
      initContainers:
      - command:
        - chown
        - -R
        - "65534:65534"
        - /etc/alertmanager
        image: busybox:1.28
        imagePullPolicy: IfNotPresent
        name: init-file
        resources:
          limits:
            cpu: 500m
            memory: 512Mi
          requests:
            cpu: 500m
            memory: 512Mi
        securityContext:
          runAsUser: 0
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /etc/alertmanager
          name: alertmanager-nas-pvc
          subPath: alertmanager
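As an added example (not part of the original post), here is an alternative that avoids running a root init container at all: the pod-level securityContext fields fsGroup and runAsUser let the kubelet set the volume's ownership at mount time, and the main container is pinned to the non-root UID found above. This only works for volume types that support ownership management; an NFS-backed PVC (which the name alertmanager-nas-pvc suggests) ignores fsGroup, and in that case the chown initContainer shown above remains the working fix.

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: alertmanager
  namespace: monitoring
spec:
  replicas: 1
  selector:
    matchLabels:
      app: alertmanager
  template:
    metadata:
      labels:
        app: alertmanager
    spec:
      # Pod-level securityContext: the kubelet applies fsGroup to the volume
      # when it is mounted, so no chown step running as root is needed.
      securityContext:
        runAsUser: 65534        # UID the image runs as (from `docker exec ... id` above)
        runAsGroup: 65534
        runAsNonRoot: true      # refuse to start if the image tried to run as root
        fsGroup: 65534          # volume contents become group 65534 and group-writable
        fsGroupChangePolicy: OnRootMismatch   # skip the recursive chown if the root already matches
      containers:
      - name: alertmanager
        image: prom/alertmanager:v0.24.0
        args:
          - "--config.file=/etc/alertmanager/config.yml"
          - "--storage.path=/etc/alertmanager/data"
          - "--web.listen-address=:9093"
        ports:
        - name: alertmanager
          containerPort: 9093
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop: ["ALL"]       # alertmanager needs no Linux capabilities
        volumeMounts:
        - name: alertmanager-nas-pvc
          mountPath: /etc/alertmanager
          subPath: alertmanager
      volumes:
      - name: alertmanager-nas-pvc
        persistentVolumeClaim:
          claimName: alertmanager-nas-pvc
```

If the volume driver does not honor fsGroup, the error from the top of the post will reappear on first start, which is the quickest way to tell which of the two approaches the storage backend requires.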