nginx - Nginx Config.json 在 k8s 部署 Angular App 中挂载 ConfigMap

问题描述

我正在尝试将 ConfigMap 挂载到 Nginx 中，但是当我挂载 ConfigMap 时，我的 POD 无法启动并出现错误Error: container has runAsNonRoot and image will run as root

我的部署.yaml

apiVersion: apps/v1 
kind: Deployment 
metadata:   
   name: {{ template "fullname" . }}   
   namespace: {{ .Values.namespace }}   
   labels:
     app: {{ template "fullname" . }}
     chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
     release: "{{ .Release.Name }}"
     heritage: "{{ .Release.Service }}" 
spec:   
  replicas: {{ .Values.replicas }}   
  selector:
    matchLabels:
      app: {{ template "fullname" . }}
      release: "{{ .Release.Name }}"     # We dont need a large deployment history limit as Helm keeps it's own   # history   revisionHistoryLimit: 2   template:
    metadata:
      namespace: {{ .Values.namespace }}
      labels:
        app: {{ template "fullname" . }}
        release: "{{ .Release.Name }}"
    spec:
      containers:
      - name: container
        image: {{ template "docker-image" . }}
        lifecycle:
          preStop:
            exec:
              command: ["sleep", "15"]
        imagePullPolicy: Always
        ports:
        # The port that our container listens for HTTP requests on. Might also
        # be 3000 or 8000
        - containerPort: 8080
          name: http
        env:
        # You can set environment variables that don't change across environments here
          - name: ACTIVE_ENVIRONMENT
            value: {{ .Values.environment }}
        volumeMounts:
        - name: msal-config-volume
          mountPath: /etc/nginx/html/assets/config.json
          subPath: config.json
          readOnly: true
        resources: {{ toYaml .Values.resources | indent 10 }}
      imagePullSecrets: 
      - name: secret
      volumes:
      - name: msal-config-volume
        configMap:
          name: msal-configmap

我/etc/nginx/html/assets/是我的人工部署，我试图config.json从 ConfigMap 替换文件。当我安装msal-config-volume吊舱时无法启动。

标签： nginxkubernetesvolumeconfigmap