docker - 使用Kubernetes ConfigMap加载时elasticsearch.yml是只读的

Question

我正在尝试在使用Kubernetes安装ElasticSearch时使用elasticsearch.yml加载ConfigMap文件。

kubectl create configmap elastic-config --from-file=./elasticsearch.yml

elasticsearch.yml文件以 root作为其所有者和只读权限( https://github.com/kubernetes/kubernetes/issues/62099)加载到容器中。由于ElasticSearch不会以 root所有权开头，因此pod崩溃了。

解决方法是，我尝试将 ConfigMap挂载到其他文件，然后使用 config将其复制到 initContainer目录。但是， config目录中的文件似乎没有更新。
有什么我想念的东西吗？或者有其他方法可以做到这一点吗？

ElasticSearch Kubernetes StatefulSet:

apiVersion: apps/v1
kind: StatefulSet
metadata: 
  name: es-cluster
  labels:
    app: elasticservice
spec:
  serviceName: elasticsearch
  replicas: 1
  selector: 
    matchLabels:
      app: elasticsearch
  template:
    metadata:
      labels:
        app: elasticsearch
    spec:
      containers:
      - name: elasticsearch
        image: docker.elastic.co/elasticsearch/elasticsearch:6.5.4
        resources:
          limits:
            cpu: 1000m
          requests: 
            cpu: 100m
        ports:
        - containerPort: 9200
          name: rest
          protocol: TCP
        - containerPort: 9300
          name: inter-node
          protocol: TCP
        volumeMounts:
        - name: elastic-config-vol
          mountPath: /tmp/elasticsearch
        - name:  elastic-storage
          mountPath: /usr/share/elasticsearch/data
        env:
          - name: cluster.name
            value: docker-elastic
          - name: node.name
            valueFrom:
              fieldRef:
                fieldPath: metadata.name
          - name: discovery.zen.ping.unicast.hosts
            value: "elastic-service"
          - name: discovery.zen.minimum_master_nodes
            value: "1"
          - name: node.master
            value: "true"
          - name: node.data
            value: "true"
          - name: ES_JAVA_OPTS
            value: "-Xmx256m -Xms256m"
      volumes:
        - name: elastic-config-vol
          configMap:
           name: elastic-config
           items:
           - key: elasticsearch.yml
             path: elasticsearch.yml
        - name: elastic-config-dir
          emptyDir: {}
        - name: elastic-storage
          emptyDir: {}
      initContainers:
        # elasticsearch will not run as non-root user, fix permissions
      - name: fix-vol-permission
        image: busybox
        command:
          - sh
          - -c
          - chown -R 1000:1000 /usr/share/elasticsearch/data
        securityContext:
          privileged: true
        volumeMounts:
          - name: elastic-storage
            mountPath: /usr/share/elasticsearch/data
      - name: fix-config-vol-permission
        image: busybox
        command:
          - sh
          - -c
          - cp /tmp/elasticsearch/elasticsearch.yml /usr/share/elasticsearch/config/elasticsearch.yml
        securityContext:
          privileged: true
        volumeMounts:
          - name: elastic-config-dir
            mountPath: /usr/share/elasticsearch/config
          - name: elastic-config-vol
            mountPath: /tmp/elasticsearch
      # increase default vm.max_map_count to 262144
      - name: increase-vm-max-map-count
        image: busybox
        command:
          - sysctl
          - -w
          - vm.max_map_count=262144
        securityContext: 
          privileged: true
      - name: increase-the-ulimit
        image: busybox
        command:
          - sh
          - -c
          - ulimit -n 65536
        securityContext:
          privileged: true

Answer 1

我用:

...
        volumeMounts:
        - name: config
          mountPath: /usr/share/elasticsearch/config/elasticsearch.yml
          subPath: elasticsearch.yml
      volumes:
      - name : config
        configMap:
          name: es-configmap

没有任何权限问题，但是您可以使用 defaultMode设置权限