1

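I created a pod following a RedHat blog post, and then created a subsequent pod using a YAML file

Post: https://www.redhat.com/sysadmin/compose-podman-pods

When creating the pod using the commands, the pod works fine (I can access localhost:8080)

When creating the pod using the YAML file, I get error 403 forbidden

I have tried this on two different hosts (both creating the pod from scratch and using the YAML), deleting all images and pods each time to make sure nothing was affecting the process

I am using podman 2.0.4 on Ubuntu 20.04

Commands: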

podman pod create --name wptestpod -p 8080:80

podman run \
-d --restart=always --pod=wptestpod \
-e MYSQL_ROOT_PASSWORD="myrootpass" \
-e MYSQL_DATABASE="wp" \
-e MYSQL_USER="wordpress" \
-e MYSQL_PASSWORD="w0rdpr3ss" \
--name=wptest-db mariadb


podman run \
-d --restart=always --pod=wptestpod \
-e WORDPRESS_DB_NAME="wp" \
-e WORDPRESS_DB_USER="wordpress" \
-e WORDPRESS_DB_PASSWORD="w0rdpr3ss" \
-e WORDPRESS_DB_HOST="127.0.0.1" \
--name wptest-web wordpress

Original YAML file from podman generate kube wptestpod > wptestpod.yaml

# Generation of Kubernetes YAML is still under development!
#
# Save the output of this file and use kubectl create -f to import
# it into Kubernetes.
#
# Created with podman-2.0.4
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: '2020-08-26T17:02:56Z'
  labels:
    app: wptestpod
  name: wptestpod
spec:
  containers:
    - command:
        - apache2-foreground
      env:
        - name: PATH
          value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
        - name: TERM
          value: xterm
        - name: container
          value: podman
        - name: WORDPRESS_DB_NAME
          value: wp
        - name: WORDPRESS_DB_USER
          value: wordpress
        - name: APACHE_CONFDIR
          value: /etc/apache2
        - name: PHP_LDFLAGS
          value: -Wl,-O1 -pie
        - name: PHP_VERSION
          value: 7.4.9
        - name: PHP_EXTRA_CONFIGURE_ARGS
          value: --with-apxs2 --disable-cgi
        - name: GPG_KEYS
          value: 42670A7FE4D0441C8E4632349E4FDC074A4EF02D 5A52880781F755608BF815FC910DEB46F53EA312
        - name: WORDPRESS_DB_PASSWORD
          value: t3stp4ssw0rd
        - name: APACHE_ENVVARS
          value: /etc/apache2/envvars
        - name: PHP_ASC_URL
          value: https://www.php.net/distributions/php-7.4.9.tar.xz.asc
        - name: PHP_SHA256
          value: 23733f4a608ad1bebdcecf0138ebc5fd57cf20d6e0915f98a9444c3f747dc57b
        - name: PHP_URL
          value: https://www.php.net/distributions/php-7.4.9.tar.xz
        - name: WORDPRESS_DB_HOST
          value: 127.0.0.1
        - name: PHP_CPPFLAGS
          value: -fstack-protector-strong -fpic -fpie -O2 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64
        - name: PHP_MD5
        - name: PHP_EXTRA_BUILD_DEPS
          value: apache2-dev
        - name: PHP_CFLAGS
          value: -fstack-protector-strong -fpic -fpie -O2 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64
        - name: WORDPRESS_SHA1
          value: 03fe1a139b3cd987cc588ba95fab2460cba2a89e
        - name: PHPIZE_DEPS
          value: "autoconf \t\tdpkg-dev \t\tfile \t\tg++ \t\tgcc \t\tlibc-dev \t\tmake \t\tpkg-config \t\tre2c"
        - name: WORDPRESS_VERSION
          value: '5.5'
        - name: PHP_INI_DIR
          value: /usr/local/etc/php
        - name: HOSTNAME
          value: wptestpod
      image: docker.io/library/wordpress:latest
      name: wptest-web
      ports:
        - containerPort: 80
          hostPort: 8080
          protocol: TCP
      resources: {}
      securityContext:
        allowPrivilegeEscalation: true
        capabilities: {}
        privileged: false
        readOnlyRootFilesystem: false
        seLinuxOptions: {}
      workingDir: /var/www/html
    - command:
        - mysqld
      env:
        - name: PATH
          value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
        - name: TERM
          value: xterm
        - name: container
          value: podman
        - name: MYSQL_PASSWORD
          value: t3stp4ssw0rd
        - name: GOSU_VERSION
          value: '1.12'
        - name: GPG_KEYS
          value: 177F4010FE56CA3336300305F1656F24C74CD1D8
        - name: MARIADB_MAJOR
          value: '10.5'
        - name: MYSQL_ROOT_PASSWORD
          value: t3stp4ssw0rd
        - name: MARIADB_VERSION
          value: 1:10.5.5+maria~focal
        - name: MYSQL_DATABASE
          value: wp
        - name: MYSQL_USER
          value: wordpress
        - name: HOSTNAME
          value: wptestpod
      image: docker.io/library/mariadb:latest
      name: wptest-db
      resources: {}
      securityContext:
        allowPrivilegeEscalation: true
        capabilities: {}
        privileged: false
        readOnlyRootFilesystem: false
        seLinuxOptions: {}
      workingDir: /
status: {}
---
metadata:
  creationTimestamp: null
spec: {}
status:
  loadBalancer: {}

YAML file with some of the env removed (taken from the blog post):

# Generation of Kubernetes YAML is still under development!
#
# Save the output of this file and use kubectl create -f to import
# it into Kubernetes.
#
# Created with podman-1.9.3
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: "2020-07-01T20:17:42Z"
  labels:
    app: wptestpod
  name: wptestpod
spec:
  containers:
  - name: wptest-web
    env:
    - name: WORDPRESS_DB_NAME
      value: wp
    - name: WORDPRESS_DB_HOST
      value: 127.0.0.1
    - name: WORDPRESS_DB_USER
      value: wordpress
    - name: WORDPRESS_DB_PASSWORD
      value: w0rdpr3ss
    image: docker.io/library/wordpress:latest
    ports:
    - containerPort: 80
      hostPort: 8080
      protocol: TCP
    resources: {}
    securityContext:
      allowPrivilegeEscalation: true
      capabilities: {}
      privileged: false
      readOnlyRootFilesystem: false
      seLinuxOptions: {}
    workingDir: /var/www/html
  - name: wptest-db
    env:
    - name: MYSQL_ROOT_PASSWORD
      value: myrootpass
    - name: MYSQL_USER
      value: wordpress
    - name: MYSQL_PASSWORD
      value: w0rdpr3ss
    - name: MYSQL_DATABASE
      value: wp
    image: docker.io/library/mariadb:latest
    resources: {}
    securityContext:
      allowPrivilegeEscalation: true
      capabilities: {}
      privileged: false
      readOnlyRootFilesystem: false
      seLinuxOptions: {}
    workingDir: /
status: {}

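Can anyone see why this pod would not work when created using the YAML file, but works fine when created using the commands? It seems like a good workflow, but it is useless if the pods generated from YAML don't work.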

4

1 Answer

2

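I found the same article and had the same problem as you. None of the following tests worked for me:

  • Adding and removing environment variables
  • Adding and removing the restartPolicy part
  • Playing with the capabilities part

As soon as you put the command part back, everything starts up again.

Check with the following wordpress.yaml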

# Generation of Kubernetes YAML is still under development!
#
# Save the output of this file and use kubectl create -f to import
# it into Kubernetes.
#
# Created with podman-2.2.1
apiVersion: v1
kind: Pod
metadata:
  labels:
    app: wordpress-pod
  name: wordpress-pod
spec:
  containers:
  - command:
    - apache2-foreground
    name: wptest-web
    env:
    - name: WORDPRESS_DB_NAME
      value: wp
    - name: WORDPRESS_DB_HOST
      value: 127.0.0.1
    - name: WORDPRESS_DB_USER
      value: wordpress
    - name: WORDPRESS_DB_PASSWORD
      value: w0rdpr3ss
    image: docker.io/library/wordpress:latest
    ports:
    - containerPort: 80
      hostPort: 8080
      protocol: TCP
    resources: {}
    securityContext:
      allowPrivilegeEscalation: true
      capabilities: {}
      privileged: false
      readOnlyRootFilesystem: false
      seLinuxOptions: {}
    workingDir: /var/www/html
  - command:
    - mysqld
    name: wptest-db
    env:
    - name: MYSQL_ROOT_PASSWORD
      value: myrootpass
    - name: MYSQL_USER
      value: wordpress
    - name: MYSQL_PASSWORD
      value: w0rdpr3ss
    - name: MYSQL_DATABASE
      value: wp
    image: docker.io/library/mariadb:latest
    resources: {}
    securityContext:
      allowPrivilegeEscalation: true
      capabilities: {}
      privileged: false
      readOnlyRootFilesystem: false
      seLinuxOptions: {}
    workingDir: /
status: {}

Play and check:

# Create containers, pod and run everything
$ podman play kube wordpress.yaml

# Output
Pod:
5a211c35419b4fcf0deda718e47eec2dd10653a5c5bacc275c312ae75326e746
Containers:
bfd087b5649f8d1b3c62ef86f28f4bcce880653881bcda21823c09e0cca1c85b
5aceb11500db0a91b4db2cc4145879764e16ed0e8f95a2f85d9a55672f65c34b

# Check running state
$ podman container ls; podman pod ls

# Output
CONTAINER ID  IMAGE                               COMMAND               CREATED         STATUS             PORTS                 NAMES
5aceb11500db  docker.io/library/mariadb:latest    mysqld                13 seconds ago  Up 10 seconds ago  0.0.0.0:8080->80/tcp  wordpress-pod-wptest-db
bfd087b5649f  docker.io/library/wordpress:latest  apache2-foregroun...  16 seconds ago  Up 10 seconds ago  0.0.0.0:8080->80/tcp  wordpress-pod-wptest-web
d8bf33eede43  k8s.gcr.io/pause:3.2                                      19 seconds ago  Up 11 seconds ago  0.0.0.0:8080->80/tcp  5a211c35419b-infra
POD ID        NAME           STATUS   CREATED         INFRA ID      # OF CONTAINERS
5a211c35419b  wordpress-pod  Running  20 seconds ago  d8bf33eede43  3

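More explanation of this error:

The problem is that entrypoint and cmd are not being parsed correctly from the image, as you would expect. It was working in previous versions, and it has already been identified and fixed for future ones.

Full reference:

The comment found at podman#8710-comment.748672710 splits this problem into two parts:

  • "Make podman play use the ENV from the image" (podman#8654, already fixed in mainstream)
  • "podman play should honor the ENTRYPOINT and CMD from the image" (podman#8666)
    • This one was replaced by "play kube: fix args/command handling" (podman#8807, which has already been merged into mainstream)
answered 2021-02-25T05:43:53.390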
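
A pre-flight check for the workaround in the answer above, as an added example that is not part of the original post or of podman: it lists the containers in a pod manifest that have no `command:` entry, which are the ones that depend on `podman play kube` taking ENTRYPOINT and CMD from the image. The function name `containers_missing_command` and the sample manifest are constructed for illustration.

```shell
# List containers in a pod manifest that have no "command:" key.
containers_missing_command() {
  awk '
    function flush() { if (in_item && !has_cmd) print name }
    /^[ \t]*(#.*)?$/ { next }                    # skip blank and comment lines
    { text = $0; sub(/^ +/, "", text); indent = length($0) - length(text) }
    !in_list {
      if (text ~ /^containers:[ \t]*$/) { in_list = 1; item_indent = -1 }
      next
    }
    {
      is_item = (text ~ /^- /)
      if (item_indent < 0 && is_item) item_indent = indent
      if (indent < item_indent || (indent == item_indent && !is_item)) {
        flush(); in_list = 0; in_item = 0; next  # left the containers list
      }
      if (indent == item_indent && is_item) {    # a new container entry starts
        flush(); in_item = 1; has_cmd = 0; name = "(unnamed)"
        text = substr(text, 3); indent += 2
      }
      if (indent == item_indent + 2) {           # direct key of the container
        if (text ~ /^command:/) has_cmd = 1
        if (text ~ /^name:/) { sub(/^name:[ \t]*/, "", text); name = text }
      }
    }
    END { flush() }
  ' "$1"
}

# Constructed sample manifest (not from the post): one container keeps its
# command, the other relies on the image ENTRYPOINT/CMD.
sample=$(mktemp)
cat > "$sample" <<'EOF'
apiVersion: v1
kind: Pod
metadata:
  name: wordpress-pod
spec:
  containers:
  - command:
    - apache2-foreground
    name: wptest-web
    image: docker.io/library/wordpress:latest
  - name: wptest-db
    image: docker.io/library/mariadb:latest
status: {}
EOF
containers_missing_command "$sample"   # prints: wptest-db
```

Run it against a manifest before `podman play kube`; an empty result means every container carries an explicit `command:`.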