docker - elasticsearch.yml is read-only when loaded using a Kubernetes ConfigMap

Tags: docker elasticsearch kubernetes configmap

I am trying to load the elasticsearch.yml file using a ConfigMap while installing ElasticSearch with Kubernetes.

kubectl create configmap elastic-config --from-file=./elasticsearch.yml

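The elasticsearch.yml file is loaded into the container with root as its owner and read-only permissions ( https://github.com/kubernetes/kubernetes/issues/62099 ). Since ElasticSearch will not start with root ownership, the pod crashes.

As a workaround, I tried mounting the ConfigMap to a different file and then copying it to the config directory using an initContainer. However, the file in the config directory does not seem to be updated. Is there something I am missing, or is there another way to achieve this?

ElasticSearch Kubernetes StatefulSet: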

apiVersion: apps/v1
kind: StatefulSet
metadata: 
  name: es-cluster
  labels:
    app: elasticservice
spec:
  serviceName: elasticsearch
  replicas: 1
  selector: 
    matchLabels:
      app: elasticsearch
  template:
    metadata:
      labels:
        app: elasticsearch
    spec:
      containers:
      - name: elasticsearch
        image: docker.elastic.co/elasticsearch/elasticsearch:6.5.4
        resources:
          limits:
            cpu: 1000m
          requests: 
            cpu: 100m
        ports:
        - containerPort: 9200
          name: rest
          protocol: TCP
        - containerPort: 9300
          name: inter-node
          protocol: TCP
        volumeMounts:
        - name: elastic-config-vol
          mountPath: /tmp/elasticsearch
        - name:  elastic-storage
          mountPath: /usr/share/elasticsearch/data
        env:
          - name: cluster.name
            value: docker-elastic
          - name: node.name
            valueFrom:
              fieldRef:
                fieldPath: metadata.name
          - name: discovery.zen.ping.unicast.hosts
            value: "elastic-service"
          - name: discovery.zen.minimum_master_nodes
            value: "1"
          - name: node.master
            value: "true"
          - name: node.data
            value: "true"
          - name: ES_JAVA_OPTS
            value: "-Xmx256m -Xms256m"
      volumes:
        - name: elastic-config-vol
          configMap:
           name: elastic-config
           items:
           - key: elasticsearch.yml
             path: elasticsearch.yml
        - name: elastic-config-dir
          emptyDir: {}
        - name: elastic-storage
          emptyDir: {}
      initContainers:
        # elasticsearch will not run as non-root user, fix permissions
      - name: fix-vol-permission
        image: busybox
        command:
          - sh
          - -c
          - chown -R 1000:1000 /usr/share/elasticsearch/data
        securityContext:
          privileged: true
        volumeMounts:
          - name: elastic-storage
            mountPath: /usr/share/elasticsearch/data
      - name: fix-config-vol-permission
        image: busybox
        command:
          - sh
          - -c
          - cp /tmp/elasticsearch/elasticsearch.yml /usr/share/elasticsearch/config/elasticsearch.yml
        securityContext:
          privileged: true
        volumeMounts:
          - name: elastic-config-dir
            mountPath: /usr/share/elasticsearch/config
          - name: elastic-config-vol
            mountPath: /tmp/elasticsearch
      # increase default vm.max_map_count to 262144
      - name: increase-vm-max-map-count
        image: busybox
        command:
          - sysctl
          - -w
          - vm.max_map_count=262144
        securityContext: 
          privileged: true
      - name: increase-the-ulimit
        image: busybox
        command:
          - sh
          - -c
          - ulimit -n 65536
        securityContext:
          privileged: true

Best answer

I use:

...
        volumeMounts:
        - name: config
          mountPath: /usr/share/elasticsearch/config/elasticsearch.yml
          subPath: elasticsearch.yml
      volumes:
      - name: config
        configMap:
          name: es-configmap

Without any permission issues, but the permissions can be set with defaultMode.
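
The subPath and defaultMode approach from the answer, applied to the question's StatefulSet, as an added example that is not part of the original question or answer. The ConfigMap name, volume names, image and uid/gid 1000 come from the question; the securityContext settings are assumptions that replace the privileged chown and cp initContainers.

```yaml
# Added example: replaces spec.template.spec in the question's StatefulSet.
# Assumption: the image's elasticsearch user is uid/gid 1000, as implied by
# the question's "chown -R 1000:1000".
spec:
  securityContext:
    runAsUser: 1000            # Elasticsearch refuses to start as root
    fsGroup: 1000              # kubelet makes the volumes group-owned by 1000,
                               # so no privileged chown initContainer is needed
  initContainers:
  # The only step that still needs privileges: a node-level sysctl.
  # The "ulimit" initContainer is dropped; a limit set in one container's
  # shell does not carry over to another container.
  - name: increase-vm-max-map-count
    image: busybox
    command: ["sysctl", "-w", "vm.max_map_count=262144"]
    securityContext:
      privileged: true
      runAsUser: 0             # overrides the pod-level runAsUser for this step
  containers:
  - name: elasticsearch
    image: docker.elastic.co/elasticsearch/elasticsearch:6.5.4
    securityContext:
      allowPrivilegeEscalation: false
    volumeMounts:
    # subPath overlays a single file, so the rest of the image's config
    # directory stays in place instead of being hidden by the mount.
    - name: elastic-config-vol
      mountPath: /usr/share/elasticsearch/config/elasticsearch.yml
      subPath: elasticsearch.yml
      readOnly: true
    - name: elastic-storage
      mountPath: /usr/share/elasticsearch/data
  volumes:
  - name: elastic-config-vol
    configMap:
      name: elastic-config
      defaultMode: 0444        # octal: readable by all, writable by none
      items:
      - key: elasticsearch.yml
        path: elasticsearch.yml
  - name: elastic-storage
    emptyDir: {}
```

A file mounted through subPath does not receive later ConfigMap updates, so the pod has to be restarted after the ConfigMap changes.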

Regarding "docker - elasticsearch.yml is read-only when loaded using a Kubernetes ConfigMap", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/57373670/