我目前正在尝试编辑 k3s 上的 AWX 部署。目标是添加 PVC 作为卷挂载,以便我拥有持久存储,可以从 Ansible 任务中写入文件。PVC 挂载到每个附加卷的文档。但是,当我尝试在 volumeMount 上init_container_extra_commands使用时,出现了权限错误。chmod 775 && chgrp 1000
我尝试过更改 AWX securityContext 以特权身份运行、以 root 身份运行、以 awx uid 和 guid 身份运行、将 fsGroup 更改为 1000(awx guid)。到目前为止,我还无法挂载卷,然后更改权限。
下面是我的 AWX.yaml
---
apiVersion: awx.ansible.com/v1beta1
kind: AWX
metadata:
name: awx
spec:
# These parameters are designed for use with:
# - AWX Operator: 2.0.0
# https://github.com/ansible/awx-operator/blob/2.0.0/README.md
# - AWX: 22.0.0
# https://github.com/ansible/awx/blob/22.0.0/INSTALL.md
admin_user: admin
admin_password_secret: awx-admin-password
ingress_type: ingress
ingress_tls_secret: awx-secret-tls
hostname: awx.awx.org
bundle_cacert_secret: awx-custom-certs
postgres_configuration_secret: awx-postgres-configuration
postgres_storage_class: awx-postgres-volume
postgres_storage_requirements:
requests:
storage: 8Gi
projects_persistence: true
projects_existing_claim: awx-projects-claim
web_replicas: 1
task_replicas: 1
postgres_init_container_resource_requirements: {}
postgres_resource_requirements: {}
web_resource_requirements: {}
task_resource_requirements: {}
ee_resource_requirements: {}
init_container_resource_requirements: {}
extra_volumes: |
- name: cert-storage
persistentVolumeClaim:
claimName: awx-cert-storage-claim
task_extra_volume_mounts: |
- name: cert-storage
mountPath: /data/cert-storage
init_container_extra_volume_mounts: |
- name: cert-storage
mountPath: /data/cert-storage
init_container_extra_commands: |
chmod 775 /data/cert-storage
chgrp 1000 /data/cert-storage
# Uncomment to reveal "censored" logs
no_log: false