How to overwrite file at a deployment time in kubernetes?

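Asked by: blekione Asked: 12/16/2017 Last edited by: blekione Updated: 10/16/2019 Views: 3566

Q:

I am trying to deploy a Diffusion image in kubernetes, and I need to overwrite one of the Diffusion configuration files at deployment time.

Effectively it is the SystemAuthentication.store file in /opt/Diffusion6.0.3_01/etc, which has default credentials. I am storing the new file in a secret and mounting it into /etc/test/, as can be seen in the deployment file below.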

template:
  metadata:
    labels:
      run: diffusion
  spec:
    serviceAccountName: diffusion-role
    volumes:
    - name: diffusion-secrets
      secret:
        secretName: diffusion-license
    - name: ssl-cert
      secret:
        secretName: ssl-certificate
    - name: system-authentication
      secret:
        secretName: system-authentication-store
    containers:
    - image: pushtechnology/diffusion:6.0.3
      imagePullPolicy: IfNotPresent
      name: diffusion
      ports:
      - containerPort: 8080
        protocol: TCP
      - containerPort: 8443
        protocol: TCP
      volumeMounts:
      - name: diffusion-secrets
        mountPath: /etc/diffusion-secrets
        readOnly: true
      - name: ssl-cert
        mountPath: /etc/test/
        readOnly: true
      - name: system-authentication
        mountPath: /etc/test/
      command: [ "/bin/sh", "-c", "cp etc/test/SystemAuthentication.store /opt/DIffusion6.0.3_01" ]

When I deploy this image, the pod fails with

Events:
Type     Reason                 Age              From                                   Message
----     ------                 ----             ----                               -------
Normal   Scheduled              2m               default-scheduler                  Successfully assigned diffusion-db6d6df7b-f5tp4 to timmy.pushtechnology.com
Normal   SuccessfulMountVolume  2m               kubelet, timmy.pushtechnology.com  MountVolume.SetUp succeeded for volume "diffusion-role-token-n59ds"
Normal   SuccessfulMountVolume  2m               kubelet, timmy.pushtechnology.com  MountVolume.SetUp succeeded for volume "ssl-cert"
Normal   SuccessfulMountVolume  2m               kubelet, timmy.pushtechnology.com  MountVolume.SetUp succeeded for volume "system-authentication"
Normal   SuccessfulMountVolume  2m               kubelet, timmy.pushtechnology.com  MountVolume.SetUp succeeded for volume "diffusion-secrets"
Normal   Killing                1m (x2 over 1m)  kubelet, timmy.pushtechnology.com  Killing container with id docker://diffusion:FailedPostStartHook
Warning  BackOff                1m (x2 over 1m)  kubelet, timmy.pushtechnology.com  Back-off restarting failed container
Normal   Pulled                 1m (x3 over 2m)  kubelet, timmy.pushtechnology.com  Container image "pushtechnology/diffusion:6.0.3" already present on machine
Normal   Created                1m (x3 over 1m)  kubelet, timmy.pushtechnology.com  Created container
Normal   Started                1m (x3 over 1m)  kubelet, timmy.pushtechnology.com  Started container
Warning  FailedPostStartHook    1m (x3 over 1m)  kubelet, timmy.pushtechnology.com  
Warning  FailedSync             1m (x5 over 1m)  kubelet, timmy.pushtechnology.com  Error syncing pod

I have also tried the workaround described here: https://github.com/kubernetes/kubernetes/issues/19764#issuecomment-269879587

With the same result.


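Answers:

3 votes svenwltr 12/16/2017 #1

You are overwriting the container command with cp etc/test/SystemAuthentication.store /opt/DIffusion6.0.3_01, which is a command that exits once it has finished. Kubernetes assumes this is a failure.

You need to replace it with something like cp etc/test/SystemAuthentication.store /opt/DIffusion6.0.3_01 && /path/to/original/binary, where the last command is the one your image starts with when the command is not overwritten. This depends on your image.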

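-1 votes blekione 12/17/2017 #2

I think @svenwtl's answer might be correct, but the image I am using has a somewhat complex Dockerfile structure, and I could not work out what to use in the deployment file. The fix that worked for me (after a long try/fail loop) was to actually use a container lifecycle hook: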

    volumeMounts:
    - name: diffusion-secrets
      mountPath: /etc/diffusion-secrets
      readOnly: true
    - name: ssl-cert
      mountPath: /etc/test/
      readOnly: true
    - name: system-authentication
      mountPath: /etc/test1/
    lifecycle:
      postStart:
        exec:
          command: [ "/bin/sh", "-c", "cp -f /etc/test1/SystemAuthentication.store /opt/Diffusion6.0.3_01/etc/" ]

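I also mounted SystemAuthentication in a different folder, /etc/test1, but I don't think that was part of the fix.

Comments

2 votes svenwltr 12/17/2017
Note that postStart is executed after the actual process has started.
0 votes blekione 12/17/2017
Yes, I understand that, as the name "post start" suggests. I don't think the above is the most subtle solution, but it works in my case. I also tried the solution with subPath suggested elsewhere, but it only half worked.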
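
Added example, not part of the original thread: because postStart runs after the server process has started, the container can briefly run with the default credential store. One way to have the replacement in place before the server starts is an init container that copies the image's etc directory into an emptyDir and overlays the secret file there. The names diffusion-etc and seed-etc are hypothetical; it assumes the image provides /bin/sh and cp (which the hook above already relies on) and that the secret key is SystemAuthentication.store. The other volumes from the question are left out.

```yaml
# Added example: pod template fragment (goes under template: in the Deployment).
spec:
  serviceAccountName: diffusion-role
  volumes:
  - name: system-authentication
    secret:
      secretName: system-authentication-store
  - name: diffusion-etc            # hypothetical name: writable copy of etc/
    emptyDir:
      medium: Memory               # tmpfs, so the credential store is not written to node disk
  initContainers:
  - name: seed-etc                 # hypothetical name
    image: pushtechnology/diffusion:6.0.3   # same image, so the shipped etc files exist
    command:
    - /bin/sh
    - -c
    # Copy the shipped config, then replace the default credential store.
    # If any step fails, the init container fails and the server is never
    # started with the default credentials.
    - >
      cp -R /opt/Diffusion6.0.3_01/etc/. /work/ &&
      cp -f /secret/SystemAuthentication.store /work/SystemAuthentication.store &&
      chmod 600 /work/SystemAuthentication.store
    volumeMounts:
    - name: system-authentication
      mountPath: /secret
      readOnly: true
    - name: diffusion-etc
      mountPath: /work
  containers:
  - name: diffusion
    image: pushtechnology/diffusion:6.0.3
    imagePullPolicy: IfNotPresent
    ports:
    - containerPort: 8080
      protocol: TCP
    - containerPort: 8443
      protocol: TCP
    volumeMounts:
    # Seeded directory replaces etc/; the image's own command is left untouched.
    - name: diffusion-etc
      mountPath: /opt/Diffusion6.0.3_01/etc
```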