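How to set a pod's file or directory access permissions?

Time: 2018-11-06 02:49:12

Tags: kubernetes

I successfully created the pod with shinyinfo-jenkins-pod.yaml and shinyinfo-jenkins-svc.yaml, and I can see that the pod is running. In the pod YAML file I mounted two volumes. But how do I change the pod's directory access permissions right after the pod starts running?

I used the following commands: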

[master@master1 ~]$ sudo kubectl exec -it shinyinfo-jenkins -- /bin/bash
jenkins@shinyinfo-jenkins:/$
jenkins@shinyinfo-jenkins:/$
jenkins@shinyinfo-jenkins:/$ chmod 777 /var/jenkins_home
chmod: changing permissions of '/var/jenkins_home': Operation not permitted
jenkins@shinyinfo-jenkins:/$ sudo chmod 777 /var/jenkins_home
bash: sudo: command not found
jenkins@shinyinfo-jenkins:/$ su
su: must be run from a terminal

As you can see above, I cannot change the access permissions of the mounted directory.

The shinyinfo-jenkins-pod.yaml file:

apiVersion: v1
kind: Pod
metadata:
 name: shinyinfo-jenkins
 labels:
   app: shinyinfo-jenkins
spec:
 containers:
   - name: shinyinfo-jenkins
     image: shinyinfo_jenkins
     imagePullPolicy: Never
     ports:
       - containerPort: 8080
       - containerPort: 50000
     volumeMounts:
     - mountPath: /devops/password
       name: jenkins-password
     - mountPath: /var/jenkins_home
       name: jenkins-home
 volumes:
   - name: jenkins-password
     hostPath:
       path: /jenkins/password
   - name: jenkins-home
     hostPath:
       path: /jenkins

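1 answer:

Answer 0 (score: 2)

The files or directories created on the underlying host are only writable by root. You either need to run your process as root in a privileged Container, or modify the file permissions on the host to be able to write to a hostPath volume. (Reference: https://kubernetes.io/docs/concepts/storage/volumes/#hostpath).

To enable privileged mode: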

spec:
 containers:
   - name: shinyinfo-jenkins
     securityContext:
       privileged: true # Processes in privileged containers are essentially equivalent to root on the host.
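
The answer's other option, changing ownership of the host directory instead of running privileged, shown on the question's manifest as an added example that is not part of the original question or answer. Assumptions: the jenkins user in the shinyinfo_jenkins image has UID/GID 1000, busybox is available on the node, and the init container name is hypothetical.

```yaml
# Added example. Assumption: jenkins in the image is UID/GID 1000;
# confirm with `id` inside the running pod before using these numbers.
apiVersion: v1
kind: Pod
metadata:
  name: shinyinfo-jenkins
  labels:
    app: shinyinfo-jenkins
spec:
  initContainers:
    # Runs once before Jenkins starts: root inside the container, but not
    # privileged. The chown is deliberately not recursive, because the host
    # path /jenkins also contains /jenkins/password (the other volume).
    - name: fix-jenkins-home-owner   # hypothetical name
      image: busybox                 # assumption: any small image with chown
      command: ["sh", "-c", "chown 1000:1000 /var/jenkins_home"]
      securityContext:
        runAsUser: 0
        privileged: false
        allowPrivilegeEscalation: false
      volumeMounts:
        - mountPath: /var/jenkins_home
          name: jenkins-home
  containers:
    - name: shinyinfo-jenkins
      image: shinyinfo_jenkins
      imagePullPolicy: Never
      ports:
        - containerPort: 8080
        - containerPort: 50000
      securityContext:
        runAsUser: 1000              # Jenkins itself stays unprivileged
        runAsGroup: 1000
        privileged: false
        allowPrivilegeEscalation: false
      volumeMounts:
        - mountPath: /devops/password
          name: jenkins-password
        - mountPath: /var/jenkins_home
          name: jenkins-home
  volumes:
    - name: jenkins-password
      hostPath:
        path: /jenkins/password
    - name: jenkins-home
      hostPath:
        path: /jenkins
```

Files that root already created under /jenkins on the host keep their owner; change those individually on the host if Jenkins needs to write to them.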