kubernetes readOnlyRootFilesystem阻止我的代码写入日志

a9wyjsp7  于 2023-01-29  发布在  Kubernetes
关注(0)|答案(1)|浏览(136)

我在部署中添加了readOnlyRootFilesystem: true,但运行代码时出现以下错误:

OSError: [Errno30] Read-only file system: '/project/logs/dbt.log'

/project/logs/dbt.log不是根路径。
知道为什么会这样吗?
下面是我使用的更详细的清单:

spec:
  containers:
    .
    .
    .
    .     
    securityContext:
      capabilities:
        drop:
        - ALL
      privileged: false
      readOnlyRootFilesystem: true
      runAsNonRoot: true
    .
    .
    .
    .      
  securityContext:
    fsGroup: 2000
    runAsNonRoot: true
    runAsUser: 101
gojuced7

gojuced71#

您可以挂载一个临时卷(与您的pod相同的使用寿命)以避免写入root:

spec:
  volumes:
  - name: logs
    emptyDir: {}

  containers:
  .
  .
    securityContext:
      capabilities:
        drop:
        - ALL
      privileged: false
      readOnlyRootFilesystem: true
      runAsNonRoot: true
    volumeMounts:
    - name: logs
      mountPath: /project/logs

相关问题