Openshift / Kubernetes: permissions

Time: 2018-06-20 13:28:47

Tags: kubernetes openshift

I'm getting this error from a container:

unable to write out the update, error: open /etc/secrets/postgresql.secret: permission denied

These are my yml's:

volumeclain.yaml

kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: sidekick-backend-volumeclaim
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi

pod.yml

apiVersion: v1
kind: DeploymentConfig
metadata:
  labels:
    app: sidekick-config
  name: sidekick-config
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: vault-sidekick
    spec:
      containers:
      - image: quay.io/ukhomeofficedigital/vault-sidekick:latest
        name: sidekick
        args:
        - -cn=secret:openshift/postgresql:env=USERNAME
        - -logtostderr=true
        - -tls-skip-verify
        env:
        - name: VAULT_ADDR
          value: "https://vault.vault-sidekick.svc:8200"
        - name: VAULT_TOKEN
          value: "34f8e679-3fbd-77b4-5de9-68b99217cc02"
        volumeMounts:
        - name: sidekick-backend-volume
          mountPath: /etc/secrets
          readOnly: false
      volumes:
      - name: sidekick-backend-volume
        persistentVolumeClaim:
          claimName: sidekick-backend-volumeclaim

This container is running as the vault user, but:

$ ls /etc
drwxrwx---    2 root     root          4096 Jun 20 07:02 secrets

Obviously, the vault user can't write here. Any ideas?

0 answers:

No answers
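
Added example, not part of the original question: a short Python check that parses the `ls` line shown in the question and applies the POSIX owner/group/other class selection to decide whether an identity can create files in that directory. The group lists used for the `vault` user are assumptions, since the question does not show them.

```python
import re

# The `ls` line exactly as shown in the question.
QUESTION_LS_LINE = "drwxrwx---    2 root     root          4096 Jun 20 07:02 secrets"

LS_RE = re.compile(
    r"^(?P<type>[-dlbcps])(?P<perms>[rwxsStT-]{9})[.+@]?\s+\d+\s+"
    r"(?P<owner>\S+)\s+(?P<group>\S+)\s"
)

def parse_ls_line(line):
    """Split one `ls -l` line into type, owner, group and per-class bits."""
    m = LS_RE.match(line.strip())
    if not m:
        raise ValueError("not an ls -l line: %r" % line)
    p = m["perms"]
    return {
        "is_dir": m["type"] == "d",
        "owner": m["owner"],
        "group": m["group"],
        "classes": {"user": p[0:3], "group": p[3:6], "other": p[6:9]},
    }

def can_create_in(entry, user, groups):
    """True if `user` (member of `groups`) may create files in the directory.

    Exactly one class applies: owner, else group, else other. There is no
    fall-through. Capability bypass (CAP_DAC_OVERRIDE), ACLs and SELinux
    are not modelled.
    """
    if user == entry["owner"]:
        bits = entry["classes"]["user"]
    elif entry["group"] in groups:
        bits = entry["classes"]["group"]
    else:
        bits = entry["classes"]["other"]
    # Creating a file needs write and search (x) permission on the directory.
    return entry["is_dir"] and bits[1] == "w" and bits[2] in "xst"

if __name__ == "__main__":
    entry = parse_ls_line(QUESTION_LS_LINE)
    # Assumed group lists: the question does not show `id` output for vault.
    # In a pod, extra groups come from securityContext.supplementalGroups / fsGroup.
    for groups in (["vault"], ["vault", "root"]):
        print(groups, "->", can_create_in(entry, "vault", groups))
```

Running `id` inside the container gives the real user and group list to feed into `can_create_in`.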