我试图将fsGroup添加到Job没有运气,生成的Pod在安全上下文中不包含fsGroup。 Kube作业是否允许指定fsGroup,然后传播到生成的Pod?
答案 0 :(得分:0)
我使用Kubernetes 1.4并成功创建了fsGroup的作业。也许你在清单中错放了fsGroup?这是我的表现:
apiVersion: batch/v1
kind: Job
metadata:
name: hello-world
spec:
template:
metadata:
name: hello-world
spec:
containers:
- name: hello-world-container
image: hello-world
securityContext:
fsGroup: 1234
restartPolicy: OnFailure
kubectl describe job hello-world的输出:
FirstSeen LastSeen Count From SubobjectPath Type Reason Message
--------- -------- ----- ---- ------------- -------- ------ -------
4m 4m 1 {job-controller } Normal SuccessfulCreate Created pod: hello-world-yzyz7
kubectl get pod hello-world-yzyz7 -o yaml | grep fsGroup的输出:
fsGroup: 1234