Are there permission problems when a Docker image is used with containerd?

Environment information:
K3s version:

k3s version v1.25.2+k3s1 (53c268d8)
go version go1.19.1

Node CPU architecture, operating system and version:

Linux master 3.10.0-1160.71.1.el7.x86_64 #1 SMP Tue Jun 28 15:37:28 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

Cluster configuration:

1 servers
Problem description:

Running the image with k3s containerd produces an error
Steps to reproduce:

  • Command used to install K3s:
    INSTALL_K3S_SKIP_DOWNLOAD=true ./install.sh
    INSTALL_K3S_SKIP_DOWNLOAD=true INSTALL_K3S_EXEC="server --docker" ./install.sh

Expected result:
The container runs

Actual result:
Runs normally with docker
Fails with an error under containerd

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-dep
spec:
  selector:
    matchLabels:
      app: nginx-dep-lab
  replicas: 1
  template:
    metadata:
      labels:
        app: nginx-dep-lab
    spec:
      containers:
      - name: nginxctn
        image: alpine-php8-nginx:3.16-8-1.22
        imagePullPolicy: IfNotPresent
        #command: ['/bin/sh','-c','cat /etc/nginx/nginx.conf']
        ports:
        - containerPort: 80
        resources:
          requests:
            memory: "16Mi"
            cpu: "10m"
          limits:
            memory: "64Mi"
            cpu: "20m"
        livenessProbe:
          initialDelaySeconds: 10   # delay before the first check
          periodSeconds: 5          # interval between checks
          tcpSocket:
            port: 80
        readinessProbe:
          initialDelaySeconds: 20   
          periodSeconds: 5
          timeoutSeconds: 10
          tcpSocket:
            port: 80
        startupProbe:
          httpGet:
            path: /hostip.php
            port: 80
          failureThreshold: 60
          initialDelaySeconds: 5
          periodSeconds: 5
        volumeMounts:
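        - name: nginx-html                          # mount the data volume (must match the name below)
          mountPath: /etc/nginx/html/               # mount path inside the container
        - name: nginx-logs                          # mount the data volume (must match the name below)
          mountPath: /etc/nginx/logs/               # mount path inside the container
        - name: nginx-conf-n                        # mount the data volume (must match the name below)
          mountPath: /etc/nginx/nginx.conf          # mount path inside the container
          subPath: nginx.conf
        - name: www-conf-n                          # mount the data volume (must match the name below)
          mountPath: /etc/php8/php-fpm.d/www.conf   # mount path inside the container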
          subPath: www.conf
      volumes:
        - name: nginx-conf-n
          configMap:
            name: nginx-conf
            items:
              - key: nginx.conf
                path: nginx.conf
        - name: www-conf-n
          configMap:
            name: www-conf
            items:
              - key: www.conf
                path: www.conf
        - name: nginx-html
          hostPath:
            # directory location on host (file path on the node to bind)
            path: /data/nginxconf/html/
            # this field is optional; this path type requires the directory to already exist
            type: Directory
        - name: nginx-logs
          hostPath:
            # directory location on host (file path on the node to bind)
            path: /data/nginxconf/logs/
            # this field is optional; this path type requires the directory to already exist
            type: Directory
      restartPolicy: Always

#rc-service php-fpm8 start

Additional context / logs:

Log
#rc-service php-fpm8 start

hostname: sethostname: Operation not permitted                                                                                                                   [ !! ]
 * ERROR: hostname failed to start
 * ERROR: cannot start networking as hostname would not start
 * ERROR: cannot start php-fpm8 as hostname would not start

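Looks like an application-level problem, unrelated to K3s.

Does k3s not have some install parameter for setting the privileges of container processes?

You can use k8s as an example. What parameter do you want?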
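
The `sethostname: Operation not permitted` line in the log above is EPERM from sethostname(2), which requires CAP_SYS_ADMIN. The check below is an added example, not part of the original thread: it decodes the CapEff mask from /proc/self/status to show whether a container process holds that capability. The function names and the two sample masks are constructed for illustration.

```shell
#!/bin/sh
# Added diagnostic example (not from the thread): does a process hold
# CAP_SYS_ADMIN, the capability sethostname(2) requires?

CAP_SYS_ADMIN_BIT=21   # capability number from linux/capability.h

# has_cap HEXMASK BIT -> exit status 0 if that bit is set in the mask
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# current_capeff -> prints the effective capability mask of this process
current_capeff() {
    awk '/^CapEff:/ { print $2 }' /proc/self/status
}

# explain_hostname_perm HEXMASK -> prints a one-line verdict for the mask
explain_hostname_perm() {
    if has_cap "$1" "$CAP_SYS_ADMIN_BIT"; then
        echo "CAP_SYS_ADMIN present: sethostname is not blocked by capabilities"
    else
        echo "CAP_SYS_ADMIN absent: sethostname fails with EPERM"
    fi
}

# Constructed sample masks: a typical default (unprivileged) container set,
# and a mask with all low bits set as a privileged container would show.
DEFAULT_MASK=00000000a80425fb
PRIVILEGED_MASK=0000003fffffffff

echo "default sample:    $(explain_hostname_perm "$DEFAULT_MASK")"
echo "privileged sample: $(explain_hostname_perm "$PRIVILEGED_MASK")"

# Run inside the container to check the live process.
if [ -r /proc/self/status ]; then
    cap=$(current_capeff)
    if [ -n "$cap" ]; then
        echo "this process (CapEff=$cap): $(explain_hostname_perm "$cap")"
    fi
fi
```

CAP_SYS_ADMIN covers far more than hostname changes, so a missing bit here is the expected default for an unprivileged container.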