Volume mounts created as root:artifact despite a securityContext being provided



Issue: Deploying Artifactory as a Deployment in Kubernetes. The volumeMounts are being mounted as root:artifact with permissions drwxr-sr-x

/var/opt/jfrog/artifactory
drwxr-sr-x    2 root     artifact      4096 Jan 24 17:52 etc
/var/opt/jfrog/artifactory/etc
-rw-r--r--    1 root     artifact      1048 Jan 24 17:48 artifactory.config.import.yml
-rw-r--r--    1 root     artifact     12703 Jan 24 17:48 artifactory.system.properties

Expected: the volume mount should be mounted as artifact:artifact with read/write permissions

The Kubernetes manifest file is incomplete due to restrictions

spec:
  securityContext:
    runAsUser: 1030
    runAsGroup: 1030
    fsGroup: 1030
  containers:
    - name: artifactory   # container entry not shown in the question; restored so the indentation is valid
      volumeMounts:
        - name: artifactory-volume
          mountPath: "/var/opt/jfrog/artifactory"
        - name: bootstrap
          mountPath: "/var/opt/jfrog/artifactory/etc/artifactory.config.import.yml"
          subPath: bootstrap
        - name: artifactory-system-properties
          mountPath: "/var/opt/jfrog/artifactory/etc/artifactory.system.properties"
          subPath: artifactory.system.properties
      resources:
        limits:
          cpu: "3"
          memory: 6Gi
        requests:
          cpu: "2"
          memory: 4Gi

  volumes:
    - name: bootstrap
      secret:
        secretName: artifactory6170-artifactory
    - name: artifactory-system-properties
      configMap:
        name: artifactory6170-artifactory-system-properties
    - name: artifactory-volume
      persistentVolumeClaim:
        claimName: artifactory6170-artifactory

Kubernetes version:

Server Version: version.Info{
Major: "1",
Minor: "14",
GitVersion: "v1.14.1",
GitCommit: "b7394102d6ef778017f2ca4046abbaa23b88c290",
GitTreeState: "clean",
BuildDate: "2019-04-08T17:02:58Z",
GoVersion: "go1.12.1",
Compiler: "gc",
Platform: "linux/amd64"
}

I believe the securityContext covers what is needed:

runAsUser: 1030

Runs the process as 1030.

runAsGroup: 1030

When runAsGroup is specified, any files created will also be owned by user 1030 and group 1030.

fsGroup: 1030

Any volumes attached will be owned by group ID 1099.

Dockerfile path

Not sure why the container ends up with the wrong user ownership; any help would be appreciated.

Error:

kubectl logs artifactory6170-artifactory-756cffb9-68zjj
2020-01-26 12:28:13  [719 entrypoint-artifactory.sh] Preparing to run Artifactory in Docker
2020-01-26 12:28:13  [720 entrypoint-artifactory.sh] Running as uid=1030(artifactory) gid=1030(artifactory) groups=1030(artifactory)
2020-01-26 12:28:13   [57 entrypoint-artifactory.sh] Dockerfile for this image can found inside the container.
2020-01-26 12:28:13   [58 entrypoint-artifactory.sh] To view the Dockerfile: 'cat /docker/artifactory-pro/Dockerfile.artifactory'.
2020-01-26 12:28:13   [63 entrypoint-artifactory.sh] Checking open files and processes limits
2020-01-26 12:28:13   [66 entrypoint-artifactory.sh] Current max open files is 1048576
2020-01-26 12:28:13   [78 entrypoint-artifactory.sh] Current max open processes is unlimited
2020-01-26 12:31:13  [211 entrypoint-artifactory.sh] Testing directory /var/opt/jfrog/artifactory has read/write permissions for user 'artifactory' (id 1030)
/entrypoint-artifactory.sh: line 180: /var/opt/jfrog/artifactory/etc/test-permissions: Permission denied
2020-01-26 12:31:13  [229 entrypoint-artifactory.sh] ###########################################################
2020-01-26 12:31:13  [230 entrypoint-artifactory.sh] /var/opt/jfrog/artifactory DOES NOT have proper permissions for user 'artifactory' (id 1030)
2020-01-26 12:31:13  [231 entrypoint-artifactory.sh] Directory: /var/opt/jfrog/artifactory, permissions: 2775, owner: artifactory, group: artifactory
2020-01-26 12:31:13  [232 entrypoint-artifactory.sh] Mounted directory must have read/write permissions for user 'artifactory' (id 1030)
2020-01-26 12:31:13  [233 entrypoint-artifactory.sh] ###########################################################
2020-01-26 12:31:13   [47 entrypoint-artifactory.sh] ERROR: Directory /var/opt/jfrog/artifactory has bad permissions for user 'artifactory' (id 1030)

All I had to do was add an initContainer, mount the ConfigMaps into /tmp and move them to the required path /var/opt/jfrog/artifactory/etc/, instead of mounting the ConfigMaps inside the volume mount at /var/opt/jfrog/artifactory.

Reason: ConfigMaps are read-only, so /etc was, and would always be, read-only.

initContainers:
  - name: "grant-permissions"
    image: "busybox:1.26.2"
    securityContext:
      runAsUser: 0
    imagePullPolicy: "IfNotPresent"
    command:
      - 'sh'
      - '-c'
      - 'mkdir /var/opt/jfrog/artifactory/etc ; cp -vf /tmp/artifactory* /var/opt/jfrog/artifactory/etc ; chown -R 1030:1030 /var/opt/jfrog/ ; rm -rfv /var/opt/jfrog/artifactory/lost+found'
    volumeMounts:
      - mountPath: "/var/opt/jfrog/artifactory"
        name: artifactory-volume
      - name: bootstrap
        mountPath: "/tmp/artifactory.config.import.yml"
        subPath: bootstrap
        readOnly: false
      - name: artifactory-system-properties
        mountPath: "/tmp/artifactory.system.properties"
        subPath: artifactory.system.properties
        readOnly: false

Then mount the volume into the main container that runs Artifactory:

containers:
  - name: artifactory
    image: "registry.eu02.dsg.arm.com/sqa/artifactory-pro:6.17.0"
    volumeMounts:
      - name: artifactory-volume
        mountPath: "/var/opt/jfrog/artifactory"

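Added example, not code from the question or either answer: a small lint that flags the mount layout behind the root-owned etc/ directory seen above. The explanation it encodes is the editor's, not something the page states: fsGroup changes ownership of the PVC when the volume is set up, but subPath mount points nested under that PVC are created afterwards by the kubelet, which runs as root, so the directory it has to create to host them (/var/opt/jfrog/artifactory/etc here) is root-owned whatever the pod's securityContext says. The two specs below are the question's manifest and the accepted workaround transcribed by hand into Python dicts (constructed input); the container name "artifactory" in the question's spec is assumed, since the question omits it.

```python
"""Lint a pod spec for subPath mounts nested under a writable volume mount.

Added example (editor's code, not the project's). Input specs are the
question's manifest and the first answer's workaround, transcribed into
Python dicts by hand. The container name "artifactory" in QUESTION_SPEC
is assumed; the question does not show it.
"""
from posixpath import dirname, normpath

# Volume types inside which the kubelet (running as root) will create the
# parent directories for nested subPath mount points.
WRITABLE_VOLUME_TYPES = {"persistentVolumeClaim", "emptyDir", "hostPath"}

QUESTION_SPEC = {
    "securityContext": {"runAsUser": 1030, "runAsGroup": 1030, "fsGroup": 1030},
    "containers": [{
        "name": "artifactory",  # assumed name
        "volumeMounts": [
            {"name": "artifactory-volume", "mountPath": "/var/opt/jfrog/artifactory"},
            {"name": "bootstrap",
             "mountPath": "/var/opt/jfrog/artifactory/etc/artifactory.config.import.yml",
             "subPath": "bootstrap"},
            {"name": "artifactory-system-properties",
             "mountPath": "/var/opt/jfrog/artifactory/etc/artifactory.system.properties",
             "subPath": "artifactory.system.properties"},
        ],
    }],
    "volumes": [
        {"name": "bootstrap", "secret": {"secretName": "artifactory6170-artifactory"}},
        {"name": "artifactory-system-properties",
         "configMap": {"name": "artifactory6170-artifactory-system-properties"}},
        {"name": "artifactory-volume",
         "persistentVolumeClaim": {"claimName": "artifactory6170-artifactory"}},
    ],
}

# The first answer's layout: subPath mounts staged under /tmp in an init
# container, so nothing is nested under the PVC mount in either container.
FIXED_SPEC = {
    "securityContext": QUESTION_SPEC["securityContext"],
    "initContainers": [{
        "name": "grant-permissions",
        "volumeMounts": [
            {"name": "artifactory-volume", "mountPath": "/var/opt/jfrog/artifactory"},
            {"name": "bootstrap", "mountPath": "/tmp/artifactory.config.import.yml",
             "subPath": "bootstrap"},
            {"name": "artifactory-system-properties",
             "mountPath": "/tmp/artifactory.system.properties",
             "subPath": "artifactory.system.properties"},
        ],
    }],
    "containers": [{
        "name": "artifactory",
        "volumeMounts": [
            {"name": "artifactory-volume", "mountPath": "/var/opt/jfrog/artifactory"},
        ],
    }],
    "volumes": QUESTION_SPEC["volumes"],
}


def _is_inside(path, parent):
    """True if path is strictly below parent (absolute POSIX paths)."""
    path, parent = normpath(path), normpath(parent)
    return path != parent and path.startswith(parent.rstrip("/") + "/")


def _volume_type(volume):
    """The key of a volume entry other than 'name', e.g. 'configMap'."""
    return next((k for k in volume if k != "name"), None)


def find_nested_subpath_mounts(pod_spec):
    """Return (container, subPath mountPath, enclosing mountPath) for each
    subPath mount that sits below another writable volume's mountPath in
    the same container."""
    volumes = {v["name"]: v for v in pod_spec.get("volumes", [])}
    findings = []
    for c in pod_spec.get("initContainers", []) + pod_spec.get("containers", []):
        mounts = c.get("volumeMounts", [])
        for m in mounts:
            if "subPath" not in m:
                continue
            for parent in mounts:
                if parent is m or not _is_inside(m["mountPath"], parent["mountPath"]):
                    continue
                if _volume_type(volumes.get(parent["name"], {})) in WRITABLE_VOLUME_TYPES:
                    findings.append((c["name"], m["mountPath"], parent["mountPath"]))
    return findings


def root_created_dirs(pod_spec):
    """Directories the kubelet must create inside a writable volume to host
    nested subPath mount points; fsGroup ownership will not apply to them."""
    dirs = set()
    for _, mount_path, parent in find_nested_subpath_mounts(pod_spec):
        d = dirname(normpath(mount_path))
        while _is_inside(d, parent):
            dirs.add(d)
            d = dirname(d)
    return sorted(dirs)


if __name__ == "__main__":
    for label, spec in (("question", QUESTION_SPEC), ("workaround", FIXED_SPEC)):
        print(label, find_nested_subpath_mounts(spec), root_created_dirs(spec))
```

Run against the question's spec the lint reports both subPath mounts and names /var/opt/jfrog/artifactory/etc as the directory that will be created root-owned; against the workaround it reports nothing, which is why staging the files under /tmp and copying them in worked. On clusters newer than the 1.14 in the question, fsGroupChangePolicy changes when ownership is applied but not who creates subPath mount points, so the check stays relevant.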
As described here, here, here and here, you cannot change the permissions of a mounted directory.

As a workaround you can use an initContainer that runs before the actual container to change the permissions on the directory:

initContainers:
  - name: volume-mount
    image: busybox
    command: ["sh", "-c", "chown -R 1030:1030 <your_directory>"]
    volumeMounts:
      - name: <your volume>
        mountPath: <your mountPath>
