我有一个在 kubernetes 中以非 root 身份运行的 nginx 映像(用户为 nginx UID 101 GID 101)。此映像也已gcsfuse安装在其中。
由于镜像以nginx用户身份运行,我希望该用户安装一个 GCS 存储桶。当我尝试这样做时,它失败了
nginx@clamav-mirror-frontend-f5f6f8f8-9hlgs:/$ id
uid=101(nginx) gid=101(nginx) groups=101(nginx)
nginx@clamav-mirror-frontend-f5f6f8f8-9hlgs:/$ gcsfuse test-clamav-mirror /data
2021/12/08 20:09:42.144896 Start gcsfuse/0.38.0 (Go version go1.17.3) for app "" using mount point: /data
2021/12/08 20:09:42.261297 Opening GCS connection...
2021/12/08 20:09:42.588103 Mounting file system "test-clamav-mirror"...
daemonize.Run: readFromProcess: sub-process: mountWithArgs: mountWithConn: Mount: mount: running /bin/fusermount: exit status 1
我经历过文档并尝试了以下但结果相同
nginx@clamav-mirror-frontend-f5f6f8f8-9hlgs:/$ gcsfuse -o rw,_netdev,allow_other,uid=101,gid=101 test-clamav-mirror /data
2021/12/08 20:10:22.460757 Start gcsfuse/0.38.0 (Go version go1.17.3) for app "" using mount point: /data
2021/12/08 20:10:22.562672 Opening GCS connection...
2021/12/08 20:10:22.959742 Mounting file system "test-clamav-mirror"...
daemonize.Run: readFromProcess: sub-process: mountWithArgs: mountWithConn: Mount: mount: running /bin/fusermount: exit status 1
这是否可能?或者我缺少一些配置?
答案1
弄清楚了。
我想要挂载存储桶的路径/data需要由ngnix用户拥有。它之前由 拥有root。在我授予它所有权的那一刻,nginx它现在已成功挂载。