Shared Folder with Azure File on kubernetes pod doesn't work
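I have a problem with my deployment when I try to share a folder with a Kubernetes volume.
The folder will be shared using Azure File Storage.
If I deploy my image without sharing the folder (/integrations), the app starts.
As shown in the image below, the pod (viewed via Lens) is up and running.
If I add the folder mapping to the volume, the pod gets stuck in an error with this message.
Here is my deployment YAML: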
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: sandbox-pizzly
  name: sandbox-pizzly-widget
  labels:
    app: sandbox-pizzly-widget
    product: sandbox-pizzly
    app.kubernetes.io/name: "sandbox-pizzly-widget"
    app.kubernetes.io/version: "latest"
    app.kubernetes.io/managed-by: "xxxx"
    app.kubernetes.io/component: "sandbox-pizzly-widget"
    app.kubernetes.io/part-of: "sandbox-pizzly"
spec:
  replicas: 1
  selector:
    matchLabels:
      app: sandbox-pizzly-widget
  template:
    metadata:
      labels:
        app: sandbox-pizzly-widget
    spec:
      containers:
        - name: sandbox-pizzly-widget
          image: davidep931/pizzly-proxy:latest
          ports:
            - containerPort: 8080
          env:
            - name: NODE_ENV
              value: "production"
            - name: DASHBOARD_USERNAME
              value: "admin"
            - name: DASHBOARD_PASSWORD
              value: "admin"
            - name: SECRET_KEY
              value: "devSecretKey"
            - name: PUBLISHABLE_KEY
              value: "devPubKey"
            - name: PROXY_USES_SECRET_KEY_ONLY
              value: "FALSE"
            - name: COOKIE_SECRET
              value: "devCookieSecret"
            - name: AUTH_CALLBACK_URL
              value: "https://pizzly.mydomain/auth/callback"
            - name: DB_HOST
              value: "10.x.x.x"
            - name: DB_PORT
              value: "5432"
            - name: DB_DATABASE
              value: "postgresdb"
            - name: DB_USER
              value: "username"
            - name: DB_PASSWORD
              value: "password"
            - name: PORT
              value: "8080"
          volumeMounts:
            - mountPath: "/home/node/app/integrations"
              name: pizzlystorage
          resources:
            requests:
              memory: "100Mi"
              cpu: "50m"
            limits:
              cpu: "75m"
              memory: "200Mi"
---
apiVersion: v1
kind: Service
metadata:
  namespace: sandbox-pizzly
  name: sandbox-pizzly-widget
spec:
  ports:
    - port: 8080
      targetPort: 8080
  selector:
    app: sandbox-pizzly-widget
---
kind: PersistentVolume
apiVersion: v1
metadata:
  name: sandbox-pizzly-pv-volume
  labels:
    type: local
    app: products
spec:
  storageClassName: azurefile
  capacity:
    storage: 1Gi
  azureFile:
    secretName: azure-secret
    shareName: sandbox-pizzly-pv
    readOnly: false
    secretNamespace: sandbox-pizzly
  accessModes:
    - ReadWriteMany
  claimRef:
    namespace: sandbox-pizzly
    name: sandbox-pizzly-pv-claim
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  namespace: sandbox-pizzly
  name: sandbox-pizzly-pv-claim
  labels:
    app: products
spec:
  storageClassName: azurefile
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
---
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: azurefilestorage
provisioner: kubernetes.io/azure-file
parameters:
  storageAccount: persistentsapizzly
reclaimPolicy: Retain
---
apiVersion: v1
kind: Secret
metadata:
  name: azure-secret
  namespace: sandbox-pizzly
type: Opaque
data:
  azurestorageaccountname: xxxxxxxxxxxxxxxxxxxxx
  azurestorageaccountkey: xxxxxxxxxxxxxxxxxxxxxxxxxxx
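If I try to access the integrations folder in the few seconds before the pod gets stuck and run touch 'test.txt', I find that file in the Azure File Storage.
Here is what I see a few seconds before the shell auto-closes due to CrashLoopBackOff.
I've added the Dockerfile: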
FROM node:14-slim
WORKDIR /app
# Copy in dependencies for building
COPY *.json ./
COPY yarn.lock ./
# COPY config ./config
COPY integrations ./integrations/
COPY src ./src/
COPY tests ./tests/
COPY views ./views/
RUN yarn install
# Actual image to run from.
FROM node:14-slim
# Make sure we have ca certs for TLS
RUN apt-get update && apt-get install -y \
    curl \
    wget \
    gnupg2 ca-certificates libnss3 \
    git
# Make a directory for the node user. Not running Pizzly as root.
RUN mkdir /home/node/app && chown -R node:node /home/node/app
WORKDIR /home/node/app
USER node
# Startup script
COPY --chown=node:node ./startup.sh ./startup.sh
RUN chmod +x ./startup.sh
# COPY from first container
COPY --chown=node:node --from=0 /app/package.json ./package.json
COPY --chown=node:node --from=0 /app/dist/ .
COPY --chown=node:node --from=0 /app/views ./views
COPY --chown=node:node --from=0 /app/node_modules ./node_modules
# Run the startup script
CMD ./startup.sh
Here is the startup.sh script:
#!/bin/sh
# Docker Startup script
# Apply migration
./node_modules/.bin/knex --cwd ./src/lib/database/config migrate:latest
# Start App
node ./src/index.js
Do you have any idea what I'm missing or doing wrong?
Thanks,
Dave
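Well, when you mount an Azure File share as a volume onto an existing folder in the pod, I think there are two things you need to know:
- It will overwrite the existing files
- The mount path will have its ownership set to the root user
So the above means that if your application depends on the existing files to start, it will cause a problem. And if your application runs as a non-root user, for example the user app, it may also cause a problem. Here I guess the problem is probably caused by the first limitation.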
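One way to work around both limitations named in the answer, as an added example that is not part of the original question or answer: an init container seeds an empty share from the image's own copy of the folder, and mount options on the PersistentVolume give the share to the non-root user with restrictive modes. It assumes the image ships its default files in /home/node/app/integrations and that the image's node user is UID/GID 1000; the init container name and the /seed path are hypothetical.

```yaml
# Added example, not the asker's manifest. Assumptions: the image keeps its
# default files in /home/node/app/integrations; the "node" user is UID/GID 1000.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: sandbox-pizzly-pv-volume
spec:
  storageClassName: azurefile
  capacity:
    storage: 1Gi
  accessModes:
    - ReadWriteMany
  azureFile:
    secretName: azure-secret
    secretNamespace: sandbox-pizzly
    shareName: sandbox-pizzly-pv
    readOnly: false
  mountOptions:          # SMB mount options: share owned by node, not root
    - uid=1000
    - gid=1000
    - dir_mode=0750      # no world access, instead of a blanket 0777
    - file_mode=0640
---
# Fragment to merge into the Deployment under spec.template.spec
spec:
  initContainers:
    - name: seed-integrations            # hypothetical name
      image: davidep931/pizzly-proxy:latest
      # The share is mounted at /seed here, so the files baked into the
      # image at /home/node/app/integrations are still visible to copy from.
      command: ["sh", "-c"]
      args:
        - |
          if [ -z "$(ls -A /seed)" ]; then
            cp -R /home/node/app/integrations/. /seed/
          fi
      volumeMounts:
        - name: pizzlystorage
          mountPath: /seed
  containers:
    - name: sandbox-pizzly-widget
      image: davidep931/pizzly-proxy:latest
      volumeMounts:
        - name: pizzlystorage
          mountPath: /home/node/app/integrations
  volumes:
    - name: pizzlystorage
      persistentVolumeClaim:
        claimName: sandbox-pizzly-pv-claim
```

The seeding step only runs when the share is empty, so files already stored in Azure File Storage are never overwritten on restart.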