使用Google Cloud SDK在GCS桶上上传数据时,Kubernetes cronjob出现错误

bqf10yzr  于 2023-02-03  发布在  Kubernetes
关注(0)|答案(1)|浏览(177)
**Yaml for kubernetes that is first used to create raft backup and then upload into gas bucket**

apiVersion: batch/v1beta1
kind: CronJob
metadata:
  labels:
    app.kubernetes.io/component: raft-backup
    numenapp: raft-backup
  name: raft-backup
  namespace: raft-backup
spec:
  concurrencyPolicy: Forbid
  failedJobsHistoryLimit: 3
  jobTemplate:
    spec:
      template:
        metadata:
          annotations:
            vault.security.banzaicloud.io/vault-addr: https://vault.vault-internal.net:8200
          labels:
            app.kubernetes.io/component: raft-backup
        spec:
          containers:
          - args:
              - |
                SA_TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token);
                export VAULT_TOKEN=$(vault write -field=token auth/kubernetes/login jwt=$SA_TOKEN role=raft-backup);
                vault operator raft snapshot save /share/vault-raft.snap;
                echo "snapshot is success"
            command: ["/bin/sh", "-c"]
            env:
            - name: VAULT_ADDR
              value: https://vault.vault-internl.net:8200
            image: vault:1.10.9
            imagePullPolicy: Always
            name: snapshot
            volumeMounts:
            - mountPath: /share
              name: share
          - args:
            - -ec
            - sleep 500
            - "until [ -f /share/vault-raft.snap ]; do sleep 5; done;\ngsutil cp /share/vault-raft.snap\
              \ gs://raft-backup/vault_raft_$(date +\"\
              %Y%m%d_%H%M%S\").snap;\n"
            command:
            - /bin/sh
            image: gcr.io/google.com/cloudsdktool/google-cloud-cli:latest
            imagePullPolicy: IfNotPresent
            name: upload
            securityContext:
              allowPrivilegeEscalation: false
            volumeMounts:
            - mountPath: /share
              name: share
          restartPolicy: OnFailure
          securityContext:
            fsGroup: 1000
            runAsGroup: 1000
            runAsUser: 1000
          serviceAccountName: raft-backup
          volumes:
          - emptyDir: {}
            name: share
  schedule: '*/3 * * * *'
  startingDeadlineSeconds: 60
  successfulJobsHistoryLimit: 3
  suspend: false

在上载pod中运行gsutil命令时出错

$ gsutil回溯(最近调用最后):文件“/usr/lib/google-cloud-sdk/lib/googlelousdk/core/配置/命名配置.py”,第172行,在动态配置中返回动态配置(强制创建=True)文件“/usr/lib/google-cloud-sdk/lib/googlelousdk/core/配置/命名配置.py”,第492行,在动态配置中配置名称=创建默认配置(强制创建)文件“/usr/lib/google-cloud-sdk/lib/googlelousdk/core/配置/命名配置.py”,第640行,在_创建默认配置文件_实用程序中。MakeDir(路径。命名配置目录)文件“/usr/lib/google-cloud-sdk/lib/google-cloud-sdk/core/util/files.py“,第125行,在makeDir操作系统中。makedirs(路径,模式=mode)文件“/usr/bin/../lib/google-cloud-sdk/platform/捆绑的pythonunix/lib/python3.9/os.py“,第215行,在makedirs操作系统中(文件头,存在_确定=存在_确定)文件“/usr/bin/../lib/google-cloud-sdk/platform/捆绑的pythonunix/lib/python3.9/os.py”,第215行,位于制作目录制作目录(文件头,存在_确定=存在_确定)文件“/usr/bin/../lib/google-cloud-sdk/platform/捆绑的pythonunix/lib/python3.9/os.py”,第225行,位于制作目录制作目录(名称,模式)操作系统错误:[Errno 30]只读文件系统:“/home/cloudsdk/.config”$命令已终止,退出代码为137

pjngdqdw

pjngdqdw1#

OSError: [Errno 30] Read-only file system: '/home/cloudsdk/.config' $ command terminated with exit code 137
看来你没有给你的cronJob足够的权限。
尝试更改:

securityContext:
  fsGroup: 1000
  runAsGroup: 1000
  runAsUser: 1000

签署人:

securityContext:
  privileged: true

告诉我它是否有效,我们可以讨论它。
编辑以获得完整答复:
使用此apiVersion: batch/v1代替apiVersion: batch/v1beta1

相关问题