no way to compare when less than two revisions
Differences
This shows you the differences between two versions of the page.
— | linux_faq:kubernetes_kubelet_setting_volume_ownership_warning_flood [2020/03/25 18:39] (current) – created admin | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | В логах kubelet полно вот такого: | ||
+ | < | ||
+ | Mar 25 18:31:30 kub kubelet[899]: | ||
+ | Mar 25 18:31:32 kub kubelet[899]: | ||
+ | Mar 25 18:31:32 kub kubelet[899]: | ||
+ | Mar 25 18:31:33 kub kubelet[899]: | ||
+ | Mar 25 18:31:33 kub kubelet[899]: | ||
+ | Mar 25 18:31:42 kub kubelet[899]: | ||
+ | Mar 25 18:31:42 kub kubelet[899]: | ||
+ | Mar 25 18:31:42 kub kubelet[899]: | ||
+ | Mar 25 18:31:42 kub kubelet[899]: | ||
+ | Подозреваю, | ||
+ | Попробую сделать так: https:// | ||
+ | |||
+ | < | ||
+ | |||
+ | This came as one of the challenges for the Kubernetes Deployments/ | ||
+ | |||
+ | So, the non-root user must have access to the folder where it wants to read and write data. | ||
+ | |||
+ | Please follow the below steps for the same. | ||
+ | |||
+ | Create user group and assign group ID in Dockerfile. | ||
+ | Create user with user ID and add to the group in Dockerfile. | ||
+ | change ownership recursively for the folders the user process wants to read/write. | ||
+ | |||
+ | Add the below lines in Deployment/ | ||
+ | |||
+ | spec: | ||
+ | securityContext: | ||
+ | runAsUser: 1099 | ||
+ | runAsGroup: 1099 | ||
+ | fsGroup: 1099 | ||
+ | |||
+ | runAsUser | ||
+ | |||
+ | Specifies that for any Containers in the Pod, all processes run with user ID 1099. | ||
+ | |||
+ | runAsGroup | ||
+ | |||
+ | Specifies the primary group ID of 1099 for all processes within any containers of the Pod. | ||
+ | |||
+ | If this field is omitted, the primary group ID of the containers will be root(0). | ||
+ | |||
+ | Any files created will also be owned by user 1099 and group 1099 when runAsGroup is specified. | ||
+ | |||
+ | fsGroup | ||
+ | |||
+ | Specifies the owner of any volume attached will be owner by group ID 1099. | ||
+ | |||
+ | Any files created under it will be having permission of nonrootgroup: | ||
+ | </ |