linux_faq:kubernetes_kubelet_setting_volume_ownership_warning_flood [2020/03/25 18:39] (current) – created admin
Line 1: Line 1:
 +The kubelet logs are full of entries like this:
 +<code>Mar 25 18:31:18 kub kubelet[899]: W0325 18:31:18.244545     899 volume_linux.go:45] Setting volume ownership for /var/lib/kubelet/pods/91e33d5d-648a-4aba-bbff-e3da6ea7596f/volumes/kubernetes.
 +Mar 25 18:31:30 kub kubelet[899]: W0325 18:31:30.220311     899 volume_linux.go:45] Setting volume ownership for /var/lib/kubelet/pods/765ffa3f-0a8a-4b65-8c37-8555c1854829/volumes/kubernetes.
 +Mar 25 18:31:32 kub kubelet[899]: W0325 18:31:32.232058     899 volume_linux.go:45] Setting volume ownership for /var/lib/kubelet/pods/de64ae28-9f70-44b0-ae2c-7d2b0f080169/volumes/kubernetes.
 +Mar 25 18:31:32 kub kubelet[899]: W0325 18:31:32.232171     899 volume_linux.go:45] Setting volume ownership for /var/lib/kubelet/pods/de64ae28-9f70-44b0-ae2c-7d2b0f080169/volumes/kubernetes.
 +Mar 25 18:31:33 kub kubelet[899]: W0325 18:31:33.237612     899 volume_linux.go:45] Setting volume ownership for /var/lib/kubelet/pods/3eb10467-d9fb-473c-8892-e57dfb7191ad/volumes/kubernetes.
 +Mar 25 18:31:33 kub kubelet[899]: W0325 18:31:33.237666     899 volume_linux.go:45] Setting volume ownership for /var/lib/kubelet/pods/3eb10467-d9fb-473c-8892-e57dfb7191ad/volumes/kubernetes.
 +Mar 25 18:31:42 kub kubelet[899]: W0325 18:31:42.285697     899 volume_linux.go:45] Setting volume ownership for /var/lib/kubelet/pods/89392ae2-6b17-47b4-85ac-813c2781234b/volumes/kubernetes.
 +Mar 25 18:31:42 kub kubelet[899]: W0325 18:31:42.285795     899 volume_linux.go:45] Setting volume ownership for /var/lib/kubelet/pods/89392ae2-6b17-47b4-85ac-813c2781234b/volumes/kubernetes.
 +Mar 25 18:31:42 kub kubelet[899]: W0325 18:31:42.285821     899 volume_linux.go:45] Setting volume ownership for /var/lib/kubelet/pods/89392ae2-6b17-47b4-85ac-813c2781234b/volumes/kubernetes.
 +Mar 25 18:31:42 kub kubelet[899]: W0325 18:31:42.287672     899 volume_linux.go:45] Setting volume ownership for /var/lib/kubelet/pods/89392ae2-6b17-47b4-85ac-813c2781234b/volumes/kubernetes.</code>
  
 +I suspect the cause is some kind of permissions issue. \\
 +I'll try doing it this way: https://stackoverflow.com/questions/43544370/kubernetes-how-to-set-volumemount-user-group-and-file-permissions#7
 +
 +<code>
 +
 +This came as one of the challenges for the Kubernetes Deployments/StatefulSets, when you have to run a process inside a container as a non-root user. But, when you mount a volume to a pod, it always gets mounted with the permission of root:root.
 +
 +So, the non-root user must have access to the folder where it wants to read and write data.
 +
 +Please follow the below steps for the same.
 +
 +    1. Create user group and assign group ID in Dockerfile.
 +    2. Create user with user ID and add to the group in Dockerfile.
 +    3. Change ownership recursively for the folders the user process wants to read/write.
 +
 +    4. Add the below lines in Deployment/StatefulSet in pod spec context.
 +
 +    spec:
 +      securityContext:
 +        runAsUser: 1099
 +        runAsGroup: 1099
 +        fsGroup: 1099
 +
 +runAsUser
 +
 +Specifies that for any Containers in the Pod, all processes run with user ID 1099.
 +
 +runAsGroup
 +
 +Specifies the primary group ID of 1099 for all processes within any containers of the Pod.
 +
 +If this field is omitted, the primary group ID of the containers will be root(0).
 +
 +Any files created will also be owned by user 1099 and group 1099 when runAsGroup is specified.
 +
 +fsGroup
 +
 +Specifies that any volume attached will be owned by group ID 1099.
 +
 +Any files created under it will have the permission of nonrootgroup:nonrootgroup.
 +</code>
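To see which pods the warning flood at the top of this note comes from, the following added example (not part of the original note or the quoted answer) counts the "Setting volume ownership" warnings per pod UID and joins them to pod names and the pod-level `fsGroup` from `kubectl get pods -A -o json` output. The log lines, pod UIDs, pod names and `fsGroup` values are constructed sample data.

```python
import json
import re
from collections import Counter

# Constructed sample input, shaped like the journal lines in this note.
# Pod UIDs, names and fsGroup values are made up.
A = "11111111-aaaa-4bbb-8ccc-000000000001"
B = "22222222-aaaa-4bbb-8ccc-000000000002"
GONE = "33333333-aaaa-4bbb-8ccc-000000000003"  # no longer in the API

def sample_line(uid):
    return ("Mar 25 18:31:42 kub kubelet[899]: W0325 18:31:42.285697     899 "
            "volume_linux.go:45] Setting volume ownership for "
            f"/var/lib/kubelet/pods/{uid}/volumes/kubernetes.")

SAMPLE_LOG = "\n".join(sample_line(u) for u in [A, A, GONE, B, A, GONE])
# Same shape as `kubectl get pods -A -o json`, reduced to the fields used here.
SAMPLE_PODS = json.dumps({"items": [
    {"metadata": {"uid": A, "namespace": "default", "name": "db-0"},
     "spec": {"securityContext": {"runAsUser": 1099, "fsGroup": 1099}}},
    {"metadata": {"uid": B, "namespace": "default", "name": "web-1"},
     "spec": {"securityContext": {"fsGroup": 2000}}},
]})

# klog warning header (W + MMDD, time, PID, file:line]) followed by the message.
WARN_RE = re.compile(
    r"\bW\d{4} \d{2}:\d{2}:\d{2}\.\d+\s+\d+ volume_linux\.go:\d+\] "
    r"Setting volume ownership for /var/lib/kubelet/pods/([0-9a-f-]{36})/volumes/")

def count_by_pod_uid(log_text):
    """Count ownership warnings per pod UID taken from the volume path."""
    return Counter(m.group(1) for m in WARN_RE.finditer(log_text))

def correlate(log_text, pods_json):
    """Return (count, uid, 'namespace/name' or None, fsGroup or None), noisiest first."""
    pods = {p["metadata"]["uid"]: p for p in json.loads(pods_json)["items"]}
    rows = []
    for uid, count in count_by_pod_uid(log_text).most_common():
        pod = pods.get(uid)
        if pod is None:  # pod was deleted after the warning was logged
            rows.append((count, uid, None, None))
            continue
        ctx = pod["spec"].get("securityContext") or {}
        name = f'{pod["metadata"]["namespace"]}/{pod["metadata"]["name"]}'
        rows.append((count, uid, name, ctx.get("fsGroup")))
    return rows

if __name__ == "__main__":
    for count, uid, name, fs_group in correlate(SAMPLE_LOG, SAMPLE_PODS):
        print(f"{count:3d}  {name or '<pod not found>'}  fsGroup={fs_group}  {uid}")
```

On a real node, pass the saved kubelet journal text and the saved `kubectl get pods -A -o json` output to `correlate()` in place of the sample strings.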
  • linux_faq/kubernetes_kubelet_setting_volume_ownership_warning_flood.txt
  • Last modified: 2020/03/25 18:39
  • by admin