Changing the owning user of the folder associated with AKS + Azure Files, PVC, volume and MySQL

Problem: in the MySQL container, /var/lib/mysql must be owned by the mysql user at run time.

StorageClass

kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: smartide-file-storageclass
provisioner: file.csi.azure.com # replace with "kubernetes.io/azure-file" if aks version is less than 1.21
allowVolumeExpansion: true
mountOptions:
  - dir_mode=0700
  - file_mode=0700
  - uid=0
  - gid=0
  - mfsymlinks
  - cache=strict
  - actimeo=30
parameters:
  skuName: Premium_LRS

PVC

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: ruoyi-db-pvc-claim
  namespace: 666fff
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 2Gi
  storageClassName: smartide-file-storageclass-db

Solution 1: (unsuccessful)

Add a chown script in an initContainer to change the folder's ownership
https://kubernetes.io/docs/concepts/workloads/pods/init-containers/

Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    reuoyi.service: ruoyi-db
  name: ruoyi-db
  namespace: 666fff
spec:
  replicas: 1
  selector:
    matchLabels:
      reuoyi.service: ruoyi-db
  strategy:
    type: Recreate
  template:
    metadata:      
      labels:
        reuoyi.service: ruoyi-db
    spec:
      restartPolicy: Always

      volumes:
        - name: ruoyi-db-pvc-claim-storage
          persistentVolumeClaim:
            claimName: ruoyi-db-pvc-claim      
          #emptyDir: {}     

      containers:
      - name: ruoyi-db
        env:
        - name: MYSQL_ROOT_PASSWORD
          value: "123"
        image: mysql:5.6

        ports:
        - containerPort: 3306
        volumeMounts:
        - mountPath: /var/lib/mysql
          name: ruoyi-db-pvc-claim-storage
          subPath: smartide-db

      initContainers:
      - name: ruoyi-db-init
        image: mysql:5.6
        imagePullPolicy: IfNotPresent
        securityContext:
          runAsUser: 0
          privileged: true

        command: 
        - sh
        - -c
        - echo 'change owner' && chown -R 999:999 /var/lib/mysql && chgrp 999 /var/lib/mysql && ls -la /var/lib/mysql  #echo `apt install coreutils` && 

        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File

        volumeMounts:
        - mountPath: /var/lib/mysql
          name: ruoyi-db-pvc-claim-storage
          subPath: smartide-db

Solution 2: (unsuccessful)

Modify the securityContext

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    reuoyi.service: ruoyi-db
  name: ruoyi-db
  namespace: 666fff
spec:
  replicas: 1
  selector:
    matchLabels:
      reuoyi.service: ruoyi-db
  strategy:
    type: Recreate
  template:
    metadata:      
      labels:
         reuoyi.service: ruoyi-db
    spec:
      restartPolicy: Always

      volumes:
        - name: ruoyi-db-pvc-claim-storage
          persistentVolumeClaim:
            claimName: ruoyi-db-pvc-claim      
          #emptyDir: {}

      securityContext:
        fsGroup: 999      # set the folder's owning group to mysql
        runAsUser: 999    # run the container as the mysql user

      containers:

      - name: ruoyi-db
        env:
        - name: MYSQL_ROOT_PASSWORD
          value: "123"
        image: mysql:5.6

        securityContext:
          runAsUser: 999
          allowPrivilegeEscalation: false

        args:
          - --default-authentication-plugin=mysql_native_password
          - --character-set-server=utf8mb4
          - --collation-server=utf8mb4_unicode_ci

        ports:
        - containerPort: 3306
        volumeMounts:
        - mountPath: /var/lib/mysql
          name: ruoyi-db-pvc-claim-storage
          subPath: smartide-db

Solution 3: (successful)

Change the executing user and group in the StorageClass

kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: smartide-file-storageclass
provisioner: file.csi.azure.com # replace with "kubernetes.io/azure-file" if aks version is less than 1.21
allowVolumeExpansion: true
mountOptions:
  - dir_mode=0700
  - file_mode=0700
  - uid=999
  - gid=999
  - mfsymlinks
  - cache=strict
  - actimeo=30
parameters:
  skuName: Premium_LRS
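
A check for the result of solution 3, added here as an example (not part of the original post): the StorageClass mountOptions are cifs mount options, so the owner seen inside the container comes from uid/gid at mount time, and the script compares them with the mysql user (999:999). The function names, the sample lines and the share address in them are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample lines in /proc/mounts format:
# device, mount point, fstype, options, dump, pass.
SAMPLE_BEFORE='//example.file.core.windows.net/share /var/lib/mysql cifs rw,relatime,vers=3.1.1,cache=strict,uid=0,forceuid,gid=0,forcegid,file_mode=0700,dir_mode=0700,mfsymlinks,actimeo=30 0 0'
SAMPLE_AFTER='//example.file.core.windows.net/share /var/lib/mysql cifs rw,relatime,vers=3.1.1,cache=strict,uid=999,forceuid,gid=999,forcegid,file_mode=0700,dir_mode=0700,mfsymlinks,actimeo=30 0 0'

# mount_opt OPTIONS KEY
# Prints the value of KEY=... from a comma-separated option string.
# "forceuid" does not match "uid" because the pattern is anchored.
mount_opt() {
    printf '%s\n' "$1" | tr ',' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# check_mount_owner MOUNTS_TEXT MOUNTPOINT WANT_UID WANT_GID
# Returns 0 if the cifs mount carries the wanted uid/gid,
#         1 if it is mounted with a different owner,
#         2 if the mount point is missing or is not a cifs mount.
check_mount_owner() {
    # The last matching line wins: a later mount shadows an earlier one.
    line=$(printf '%s\n' "$1" | awk -v mp="$2" '$2 == mp { l = $0 } END { if (l != "") print l }')
    [ -n "$line" ] || { echo "no mount at $2"; return 2; }
    fstype=$(printf '%s\n' "$line" | awk '{ print $3 }')
    opts=$(printf '%s\n' "$line" | awk '{ print $4 }')
    [ "$fstype" = "cifs" ] || { echo "$2 is $fstype, not cifs"; return 2; }
    uid=$(mount_opt "$opts" uid)
    gid=$(mount_opt "$opts" gid)
    if [ "$uid" = "$3" ] && [ "$gid" = "$4" ]; then
        echo "ok: $2 mounted with uid=$uid gid=$gid"
        return 0
    fi
    echo "mismatch: $2 mounted with uid=${uid:-unset} gid=${gid:-unset}, want $3:$4"
    return 1
}

# Inside the running pod:
#   check_mount_owner "$(cat /proc/mounts)" /var/lib/mysql 999 999
```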

posted @ 2022-07-07 22:03  远方V3