我试图以非root用户身份运行nginx容器
我正在尝试配置nginx.conf文件,然后将其放入k8s configmap中,但是当容器启动时,它会不断抛出错误,例如
"pid" directive is not allowed here in /etc/nginx/conf.d/nginx-kibana.conf:4
及随后的每一个
我需要在配置中修复或调整什么,还是需要调整nginx-deployment.yaml中的
volume:?这是我的nginx.conf
error_log /tmp/error.log;
# The pidfile will be written to /var/run unless this is set.
pid /tmp/nginx.pid;
worker_processes 1;
events {
worker_connections 1024;
}
http {
# Set an array of temp and cache file options that will otherwise default to
# restricted locations accessible only to root.
client_body_temp_path /tmp/client_body;
fastcgi_temp_path /tmp/fastcgi_temp;
proxy_temp_path /tmp/proxy_temp;
scgi_temp_path /tmp/scgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
index index.html index.htm index.php;
default_type application/octet-stream;
server {
listen 8080 default_server;
listen [::]:8080 default_server ipv6only=on;
server_name localhost;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# the UI will send the request with query string pageId to kibana to load a specific page
# e.g: iframe src="/kibana/page?pageId=dashboard"
# set proxy_pass to root kibana does not see the query params, so we have to go to /app/kibana
location ^~ /${KIBANA_PATH}/page {
proxy_pass http://127.0.0.1:5601/app/kibana/${ESC}is_args${ESC}args;
proxy_http_version 1.1;
proxy_set_header Upgrade ${ESC}http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host ${ESC}host;
proxy_cache_bypass ${ESC}http_upgrade;
}
# have to re-write URLs for kibana to strip out the /kibana part
location /${KIBANA_PATH}/ {
proxy_pass http://127.0.0.1:5601/;
proxy_http_version 1.1;
proxy_set_header Upgrade ${ESC}http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host ${ESC}host;
proxy_cache_bypass ${ESC}http_upgrade;
}
}
}
这就是我将configmap挂载到容器的方式
securityContext:
fsGroup: 2000
runAsUser: 2000
volumes:
- name: nginxconfigmap-volume
configMap:
name: my-nginx-configmap
containers:
- name: nginx
image: nginx:stable
ports:
- containerPort: 8080
name: http
protocol: TCP
livenessProbe:
httpGet:
scheme: HTTP
path: /
port: 8080
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
readinessProbe:
httpGet:
scheme: HTTP
path: /
port: 8080
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 2
failureThreshold: 6
volumeMounts:
- mountPath: /etc/nginx/conf.d
name: nginxconfigmap-volume
最佳答案
如果我将volume-mount路径修改为
volumeMounts:
- mountPath: /etc/nginx
name: nginxconfigmap-volume
然后我得到这个错误
2019/10/23 02:50:49 [emerg] 1#1:open()“/etc/nginx/nginx.conf”失败(2:无此类文件或目录)
nginx:[emerg] open()“/etc/nginx/nginx.conf”失败(2:无此类文件或目录)
不确定如何进行
关于nginx - 无法以非root用户身份运行nginx容器,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/58514711/