Prometheus error: permission denied

Published: 2023-04-12 11:06:33 Author: netma

level=error ts=2018-10-22T14:34:58.632016274Z caller=main.go:617 err="opening storage failed: lock DB directory: open /data/lock: permission denied"

Fix:
Set spec.template.spec.securityContext.runAsUser to 0 to resolve the error.

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: prometheus-server
  namespace: monitor-sa
  labels:
    app: prometheus
spec:
  replicas: 1
  selector:
    matchLabels:
      app: prometheus
      component: server
    #matchExpressions:
    #- {key: app, operator: In, values: [prometheus]}
    #- {key: component, operator: In, values: [server]}
  template:
    metadata:
      labels:
        app: prometheus
        component: server
      annotations:
        prometheus.io/scrape: 'false'
    spec:
      nodeName: mm2
      serviceAccountName: monitor
      securityContext:
        runAsUser: 0


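After creating the Pod, we can see that it does not run successfully and reports an error such as open /prometheus/queries.active: permission denied. This is because the prometheus image runs as the nobody user, while the host directory we mount through LocalPV is owned by root. An init container can change the ownership of the directory before Prometheus starts: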

......
      initContainers:
      - name: fix-permissions
        image: busybox
        command: [chown, -R, "nobody:nobody", /prometheus]  # change the ownership of the application's data directory
        volumeMounts:
        - name: data
          mountPath: /prometheus

It can also be handled this way:
    spec:
      nodeName: mm2
      serviceAccountName: monitor
      securityContext:
        runAsUser: 0
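
The two fixes above can be combined so that only the one-shot init container runs as root and Prometheus itself stays non-root. The fragment below is an added example, not from the original post; it assumes UID/GID 65534 is nobody in both images, and the container name prometheus and image prom/prometheus stand in for the Deployment's real container.

```yaml
# Added example: fragment of the Deployment's spec.template.spec.
# Assumption: 65534 is the numeric UID/GID of "nobody" in both images.
spec:
  template:
    spec:
      nodeName: mm2
      serviceAccountName: monitor
      securityContext:            # pod-level default: every container is non-root
        runAsUser: 65534
        runAsGroup: 65534
        runAsNonRoot: true
      initContainers:
      - name: fix-permissions
        image: busybox
        # Numeric IDs avoid depending on /etc/passwd inside the image.
        command: [chown, -R, "65534:65534", /prometheus]
        securityContext:          # container-level override: root only for the chown
          runAsUser: 0
          runAsNonRoot: false
          allowPrivilegeEscalation: false
        volumeMounts:
        - name: data
          mountPath: /prometheus
      containers:
      - name: prometheus          # placeholder name
        image: prom/prometheus    # placeholder image
        securityContext:          # inherits UID 65534 from the pod-level context
          allowPrivilegeEscalation: false
          capabilities:
            drop: [ALL]
        volumeMounts:
        - name: data
          mountPath: /prometheus
```

Once the pod is running, `kubectl exec` with `id` in the prometheus container should report uid=65534, and `ls -ld /prometheus` should show the directory owned by that UID.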