How do I set a Pod's file or directory access permissions?



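I successfully created a pod with shinyinfo-jenkins-pod.yaml and shinyinfo-jenkins-svc.yaml, and I can see the pod is running. In the pod YAML file I mount two volumes. But how can I change the pod's directory access permissions right after the pod starts running?

I used the following commands: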

[master@master1 ~]$ sudo kubectl exec -it shinyinfo-jenkins -- /bin/bash
jenkins@shinyinfo-jenkins:/$
jenkins@shinyinfo-jenkins:/$
jenkins@shinyinfo-jenkins:/$ chmod 777 /var/jenkins_home
chmod: changing permissions of '/var/jenkins_home': Operation not permitted
jenkins@shinyinfo-jenkins:/$ sudo chmod 777 /var/jenkins_home
bash: sudo: command not found
jenkins@shinyinfo-jenkins:/$ su
su: must be run from a terminal

As you can see above, I have no way to change the access permissions of the mounted directory.

The shinyinfo-jenkins-pod.yaml file:

apiVersion: v1
kind: Pod
metadata:
  name: shinyinfo-jenkins
  labels:
    app: shinyinfo-jenkins
spec:
  containers:
  - name: shinyinfo-jenkins
    image: shinyinfo_jenkins
    imagePullPolicy: Never
    ports:
    # each port is its own list item
    - containerPort: 8080
    - containerPort: 50000
    volumeMounts:
    - mountPath: /devops/password
      name: jenkins-password
    - mountPath: /var/jenkins_home
      name: jenkins-home
  volumes:
  - name: jenkins-password
    hostPath:
      path: /jenkins/password
  - name: jenkins-home
    hostPath:
      path: /jenkins

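Files or directories created on the underlying host are only writable by root. You either need to run your process as root in a privileged container, or modify the file permissions on the host, to be able to write to a hostPath volume (reference: https://kubernetes.io/docs/concepts/storage/volumes/#hostpath).

Enable privileged mode: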

spec:
  containers:
  - name: shinyinfo-jenkins
    securityContext:
      privileged: true # Processes in privileged containers are essentially equivalent to root on the host.
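
As an added example (not part of the original question or answer), the second option in the answer above, changing permissions on the host, can be applied narrowly instead of using chmod 777 or privileged mode. The script runs on the node and assumes GNU stat; the function names and the script file name are hypothetical, and the UID/GID are whatever the container process runs as.

```shell
#!/bin/sh
# Added example; run on the node that backs the hostPath volume (GNU stat assumed).
# Function names and the script name below are hypothetical.

# can_write DIR UID GID: succeed if a process with that UID/GID may create
# files in DIR under the owner/group/other mode bits. ACLs, SELinux labels
# and supplementary groups are not evaluated.
can_write() {
    dir=$1; uid=$2; gid=$3
    if [ "$uid" -eq 0 ]; then return 0; fi      # root bypasses mode bits
    info=$(stat -c '%u %g %a' "$dir") || return 2
    set -- $info                                # $1=owner $2=group $3=octal mode
    mode=$(( 0$3 ))                             # leading 0: parse as octal
    if   [ "$uid" -eq "$1" ]; then bits=$(( (mode >> 6) & 7 ))
    elif [ "$gid" -eq "$2" ]; then bits=$(( (mode >> 3) & 7 ))
    else                           bits=$(( mode & 7 ))
    fi
    [ $(( bits & 3 )) -eq 3 ]                   # needs write (2) + search (1)
}

# grant_hostpath DIR UID GID: hand DIR to exactly one UID/GID with mode 750,
# rather than opening it to every local user with 777.
grant_hostpath() {
    chown "$2:$3" "$1" && chmod 750 "$1"
}

# Usage on the node (needs root): sh fix-hostpath.sh /jenkins UID GID
# where UID and GID are what `kubectl exec shinyinfo-jenkins -- id` prints.
if [ "$#" -eq 3 ]; then
    grant_hostpath "$1" "$2" "$3" || exit 1
    if can_write "$1" "$2" "$3"; then
        echo "uid $2 can write $1"
    else
        echo "uid $2 still cannot write $1" >&2
        exit 1
    fi
fi
```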
