我正在尝试在kubernetes中部署Diffusion图像,我需要在部署时覆盖其中一个Diffusion配置文件。
实际上它是SystemAuthentication.store文件,默认凭据位于/opt/Diffusion6.0.3_01/etc/。我正在秘密存储新文件并将其挂载到etc/test/,这可以在下面的部署文件中看到。
template:
metadata:
labels:
run: diffusion
spec:
serviceAccountName: diffusion-role
volumes:
- name: diffusion-secrets
secret:
secretName: diffusion-license
- name: ssl-cert
secret:
secretName: ssl-certificate
- name: system-authentication
secret:
secretName: system-authentication-store
containers:
- image: pushtechnology/diffusion:6.0.3
imagePullPolicy: IfNotPresent
name: diffusion
ports:
- containerPort: 8080
protocol: TCP
- containerPort: 8443
protocol: TCP
volumeMounts:
- name: diffusion-secrets
mountPath: /etc/diffusion-secrets
readOnly: true
- name: ssl-cert
mountPath: /etc/test/
readOnly: true
- name: system-authentication
mountPath: /etc/test/
command: [ "/bin/sh", "-c", "cp etc/test/SystemAuthentication.store /opt/DIffusion6.0.3_01" ]
当我部署此图像时,pod正在失败
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 2m default-scheduler Successfully assigned diffusion-db6d6df7b-f5tp4 to timmy.pushtechnology.com
Normal SuccessfulMountVolume 2m kubelet, timmy.pushtechnology.com MountVolume.SetUp succeeded for volume "diffusion-role-token-n59ds"
Normal SuccessfulMountVolume 2m kubelet, timmy.pushtechnology.com MountVolume.SetUp succeeded for volume "ssl-cert"
Normal SuccessfulMountVolume 2m kubelet, timmy.pushtechnology.com MountVolume.SetUp succeeded for volume "system-authentication"
Normal SuccessfulMountVolume 2m kubelet, timmy.pushtechnology.com MountVolume.SetUp succeeded for volume "diffusion-secrets"
Normal Killing 1m (x2 over 1m) kubelet, timmy.pushtechnology.com Killing container with id docker://diffusion:FailedPostStartHook
Warning BackOff 1m (x2 over 1m) kubelet, timmy.pushtechnology.com Back-off restarting failed container
Normal Pulled 1m (x3 over 2m) kubelet, timmy.pushtechnology.com Container image "pushtechnology/diffusion:6.0.3" already present on machine
Normal Created 1m (x3 over 1m) kubelet, timmy.pushtechnology.com Created container
Normal Started 1m (x3 over 1m) kubelet, timmy.pushtechnology.com Started container
Warning FailedPostStartHook 1m (x3 over 1m) kubelet, timmy.pushtechnology.com
Warning FailedSync 1m (x5 over 1m) kubelet, timmy.pushtechnology.com Error syncing pod
我也试过这里描述的workaruond:https://github.com/kubernetes/kubernetes/issues/19764#issuecomment-269879587
结果相同。
答案 0 :(得分:2)
您使用cp etc/test/SystemAuthentication.store /opt/DIffusion6.0.3_01覆盖了容器命令,这是一个完成后退出的命令。 Kubernetes认为这是一次失败。
您需要将其替换为cp etc/test/SystemAuthentication.store /opt/DIffusion6.0.3_01 && /path/to/original/binary之类的内容,其中最后一个命令是图像将在没有覆盖命令的情况下启动的命令。这取决于你的形象。
答案 1 :(得分:-1)
我认为@svenwtl answer可能是正确的,但我使用的Dockerfile图像有一些复杂的构造,我不知道如何在部署文件中使用。
对我有用的修复(经过长时间的尝试/失败循环)实际上是使用容器生命周期钩子:
volumeMounts:
- name: diffusion-secrets
mountPath: /etc/diffusion-secrets
readOnly: true
- name: ssl-cert
mountPath: /etc/test/
readOnly: true
- name: system-authentication
mountPath: /etc/test1/
lifecycle:
postStart:
exec:
command: [ "/bin/sh", "-c", "cp -f /etc/test1/SystemAuthentication.store /opt/Diffusion6.0.3_01/etc/" ]
我还在不同的文件夹/etc/test1中安装了SystemAuthentication,但我不认为这是修复程序的一部分。