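Sharing a folder with Azure Files on a Kubernetes pod does not work

Problem description

I have a problem with my deployment when I try to share a folder with a Kubernetes volume. The folder is to be shared using Azure File Storage. If I deploy my image without sharing the folder (/integrations), the application starts. As shown in the image below, the pod (viewed via Lens) is up and running.

If I add the folder's relation to the volume, the pod gets stuck in an error with this message:

Here is my deployment YAML: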

apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: sandbox-pizzly
  name: sandbox-pizzly-widget
  labels:
    app: sandbox-pizzly-widget
    product: sandbox-pizzly
    app.kubernetes.io/name: "sandbox-pizzly-widget"
    app.kubernetes.io/version: "latest"
    app.kubernetes.io/managed-by: "xxxx"
    app.kubernetes.io/component: "sandbox-pizzly-widget"
    app.kubernetes.io/part-of: "sandbox-pizzly"
spec:
  replicas: 1
  selector:
    matchLabels:
      app: sandbox-pizzly-widget
  template:
    metadata:
      labels:
        app: sandbox-pizzly-widget
    spec:
      containers:
        - name: sandbox-pizzly-widget
          image: davidep931/pizzly-proxy:latest
          ports:
            - containerPort: 8080
          env:
            - name: NODE_ENV
              value: "production"
            - name: DASHBOARD_USERNAME
              value: "admin"
            - name: DASHBOARD_PASSWORD
              value: "admin"
            - name: SECRET_KEY
              value: "devSecretKey"
            - name: PUBLISHABLE_KEY
              value: "devPubKey"
            - name: PROXY_USES_SECRET_KEY_ONLY
              value: "FALSE"
            - name: COOKIE_SECRET
              value: "devCookieSecret"
            - name: AUTH_CALLBACK_URL
              value: "https://pizzly.mydomain/auth/callback"
            - name: DB_HOST
              value: "10.x.x.x"
            - name: DB_PORT
              value: "5432"
            - name: DB_DATABASE
              value: "postgresdb"
            - name: DB_USER
              value: "username"
            - name: DB_PASSWORD
              value: "password"
            - name: PORT
              value: "8080"
          volumeMounts:
            - mountPath: "/home/node/app/integrations"
              name: pizzlystorage
          resources:
            requests:
              memory: "100Mi"
              cpu: "50m"
            limits:
              cpu: "75m"
              memory: "200Mi"
---
apiVersion: v1
kind: Service
metadata:
  namespace: sandbox-pizzly
  name: sandbox-pizzly-widget
spec:
  ports:
    - port: 8080
      targetPort: 8080
  selector:
    app: sandbox-pizzly-widget
---
kind: PersistentVolume
apiVersion: v1
metadata:
  name: sandbox-pizzly-pv-volume
  labels:
    type: local
    app: products
spec:
  storageClassName: azurefile
  capacity:
    storage: 1Gi
  azureFile:
    secretName: azure-secret
    shareName: sandbox-pizzly-pv
    readOnly: false
    secretNamespace: sandbox-pizzly
  accessModes:
    - ReadWriteMany
  claimRef:
    namespace: sandbox-pizzly
    name: sandbox-pizzly-pv-claim
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  namespace: sandbox-pizzly
  name: sandbox-pizzly-pv-claim
  labels:
    app: products
spec:
  storageClassName: azurefile
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
---
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: azurefilestorage
provisioner: kubernetes.io/azure-file
parameters:
  storageAccount: persistentsapizzly
reclaimPolicy: Retain
---
apiVersion: v1
kind: Secret
metadata:
  name: azure-secret
  namespace: sandbox-pizzly
type: Opaque
data:
  azurestorageaccountname: xxxxxxxxxxxxxxxxxxxxx
  azurestorageaccountkey: xxxxxxxxxxxxxxxxxxxxxxxxxxx

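If I try to access the integrations folder a few seconds before the pod gets stuck and run touch test.txt, I find the file in the Azure File Storage.

Here is what I see a few seconds before the shell auto-closes due to CrashLoopBackOff:

Added the Dockerfile: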

FROM node:14-slim

WORKDIR /app

# Copy in dependencies for building
COPY *.json ./
COPY yarn.lock ./
# COPY config ./config
COPY integrations ./integrations/
COPY src ./src/
COPY tests ./tests/
COPY views ./views/

RUN yarn install


# Actual image to run from.
FROM node:14-slim

# Make sure we have ca certs for TLS
RUN apt-get update && apt-get install -y \
    curl \
    wget \
    gnupg2 ca-certificates libnss3  \
    git

# Make a directory for the node user. Not running Pizzly as root.
RUN mkdir /home/node/app && chown -R node:node /home/node/app
WORKDIR /home/node/app

USER node

# Startup script
COPY --chown=node:node ./startup.sh ./startup.sh
RUN chmod +x ./startup.sh
# Copy from first container
COPY --chown=node:node --from=0 /app/package.json ./package.json
COPY --chown=node:node --from=0 /app/dist/ .
COPY --chown=node:node --from=0 /app/views ./views
COPY --chown=node:node --from=0 /app/node_modules ./node_modules

# Run the startup script
CMD ./startup.sh

Here is the startup.sh script:

#!/bin/sh

# Docker Startup script

# Apply migration
./node_modules/.bin/knex --cwd ./src/lib/database/config migrate:latest

# Start App
node ./src/index.js

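Do you know what I am missing or doing wrong?

Thanks, Dave.

Solution

Well, when you mount the Azure File share as a volume onto an existing folder of the pod, I think there are two things you need to know:

  1. It will overwrite the existing files
  2. The mount path will set the ownership to the root user

So the above means that if your application's startup depends on the existing files, it will cause a problem. And if your application runs as a non-root user, for example the user app, it may also cause a problem. Here I guess the problem is caused by the first limitation.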
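
An added example, not part of the original question or answer: a preflight that a startup script such as startup.sh could run before starting the app, to detect the two conditions described above (image files hidden by the mount, and a mount the non-root user cannot write to). The defaults directory in the sample call is a hypothetical path where the image would keep a copy of its files outside the mount path.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes the image keeps a copy of
# the files it needs in a directory OUTSIDE the mount path (hypothetical).

# seed_if_empty DEFAULTS_DIR MOUNT_DIR
# Copies the image's default files into the mounted share only when the share
# is empty, so the mount no longer hides files the app needs at startup.
seed_if_empty() {
    defaults=$1
    dir=$2
    # ls -A also lists dotfiles; empty output means nothing is in the share.
    if [ -z "$(ls -A "$dir" 2>/dev/null)" ]; then
        cp -R "$defaults"/. "$dir"/ || return 1
        echo seeded
    else
        echo kept
    fi
}

# check_mount MOUNT_DIR
# Prints one of: missing | empty | not-writable | ok (non-zero unless ok).
check_mount() {
    dir=$1
    [ -d "$dir" ] || { echo missing; return 1; }
    [ -n "$(ls -A "$dir" 2>/dev/null)" ] || { echo empty; return 1; }
    probe="$dir/.write-probe.$$"
    # Subshell: a failed redirection must not abort the calling script.
    if ( : > "$probe" ) 2>/dev/null; then
        rm -f "$probe"
        echo ok
    else
        # Typical when the share is mounted root-owned and the app is not root.
        echo not-writable
        return 1
    fi
}

# preflight DEFAULTS_DIR MOUNT_DIR: seed if needed, then verify.
preflight() {
    seed_if_empty "$1" "$2" >/dev/null || { echo seed-failed; return 1; }
    check_mount "$2"
}

# Sample call (first path is hypothetical):
# preflight /opt/defaults/integrations /home/node/app/integrations || exit 1
```

For the ownership case, Azure Files SMB volumes accept `uid=`, `gid=`, `dir_mode=` and `file_mode=` entries under the PersistentVolume's `mountOptions`, which lets the share be mounted as the non-root user instead of root.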