Kubernetes pod: "Operation not permitted" while trying to access a mounted volume
Question
I am running Docker Desktop 4.10 on Windows 10, with K8s enabled. I have the following k8s resources deployed through a helm chart, using Helm 3.12:
apiVersion: v1
kind: PersistentVolume
metadata:
  name: fab-rabbitmq
  labels:
    type: mydata
spec:
  capacity:
    storage: 2Gi
  accessModes:
    - ReadWriteOnce
  storageClassName: hostpath
  hostPath:
    path: /c/data
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pvc1
spec:
  accessModes:
    - ReadWriteOnce
  volumeMode: Filesystem
  resources:
    requests:
      storage: 2Gi
  storageClassName: hostpath
  selector:
    matchLabels:
      type: "mydata"
---
apiVersion: v1
kind: Pod
metadata:
  name: pod1
spec:
  containers:
    - name: myfrontend
      image: nginx
      volumeMounts:
        - mountPath: "/mydata"
          name: vol1
  volumes:
    - name: vol1
      persistentVolumeClaim:
        claimName: pvc1
After deploying the chart, the pod runs correctly, the PVC is bound to the PV. I also set Windows security permissions to Everyone-full control on C:\data.
However, when I access the pod and try to list the files in the folder, I get the following error:
kubectl exec -it pod1 bash
# ls -la mydata
ls: reading directory 'mydata': Operation not permitted
I can't seem to find a way to really have access to the mounted folder.
When I try to run a simple container using docker run -v /c/data:/mydata nginx and access /mydata, it works.
Any ideas what I am doing wrong?
Answer 1
Score: 1
I found the explanation here and here. When running in Minikube, the "host path" is not actually the path on the physical host but rather a path inside the Minikube node. That's because Minikube IS actually the host of all pods (hence their node). So basically, the steps to do this correctly are:
- Ensure the physical path is mounted inside Minikube by running
minikube start --mount --mount-string=C:\myfolder:/folder/in/minikube
- When setting up the PV, specify:
hostPath.path: /folder/in/minikube:/folder/in/pod