我有以下argo工作流,其中添加了securityContext。在运行它之后,它失败了ReadOnlyRootFileSystem错误如下所述。
工作流程如下:
apiVersion: argoproj.io/v1alpha1
kind: Workflow
metadata:
generateName: hello-world-
spec:
entrypoint: whalesay
templates:
- name: whalesay
container:
image: docker/whalesay:latest
command: [cowsay]
args: ["hello world"]
securityContext:
readOnlyRootFilesystem: true
,错误如下:
Warning WorkflowNodeError 17s workflow-controller Error node hello-world-tcdbg: admission webhook "validation.gatekeeper.sh" denied the request: [psp-readonlyrootfilesystem] only read-only root filesystem container is allowed: wait
[psp-readonlyrootfilesystem] only read-only root filesystem container is allowed: init
我是在错误的位置使用securityContext还是我错过了什么?解决办法是什么?
尝试在yaml文件中使用init容器:
apiVersion: argoproj.io/v1alpha1
kind: Workflow
metadata:
generateName: init-container-
spec:
entrypoint: init-container-example
templates:
- name: init-container-example
container:
image: alpine:latest
command: ["echo", "bye"]
securityContext:
readOnlyRootFilesystem: true
volumeMounts:
- name: foo
mountPath: /foo
initContainers:
- name: hello
image: alpine:latest
command: ["echo", "hello"]
mirrorVolumeMounts: true
volumes:
- name: foo
emptyDir: {}
注意: readOnlyRootFilesystem: true,当spec.os.name为windows时,该字段不能设置。
如果有任何更改和修改,请遵循此yaml查看更多信息。