Ошибка запуска argo: в доступе отказано
Я запускаю арго и получаю сообщение об ошибке
bash: /argo/staging/script: Permission denied
Похоже, что у файла сценария нет разрешений на выполнение, я просто попытался заменить bash на cat в строке 58 и получил ту же ошибку, я не думаю, что у него есть права на чтение. Давно пытаюсь и теперь не знаю, что делать, есть ли у кого-нибудь предложения?
Вот файл pod yaml, который сообщает об ошибке.
apiVersion: v1
kind: Pod
metadata:
annotations:
sidecar.istio.io/inject: "false"
workflows.argoproj.io/node-name: seldon-batch-process[1].wait-seldon-resource
labels:
workflows.argoproj.io/completed: "true"
workflows.argoproj.io/workflow: seldon-batch-process
name: seldon-batch-process-2052519094
namespace: argo
spec:
containers:
- command:
- argoexec
- wait
- --loglevel
- info
env:
- name: ARGO_POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: ARGO_CONTAINER_RUNTIME_EXECUTOR
- name: GODEBUG
value: x509ignoreCN=0
- name: ARGO_WORKFLOW_NAME
value: seldon-batch-process
- name: ARGO_CONTAINER_NAME
value: wait
- name: ARGO_TEMPLATE
value: '{"name":"wait-seldon-resource-template","inputs":{},"outputs":{},"metadata":{"annotations":{"sidecar.istio.io/inject":"false"}},"script":{"name":"","image":"bitnami/kubectl:1.17","command":["bash"],"resources":{},"source":"sleep
5\nkubectl rollout status \\\n deploy/$(kubectl get deploy -l seldon-deployment-id=\"sklearn\"
-o jsonpath=''{.items[0].metadata.name}'')\n"}}'
- name: ARGO_INCLUDE_SCRIPT_OUTPUT
value: "false"
- name: ARGO_DEADLINE
value: "0001-01-01T00:00:00Z"
image: quay.io/argoproj/argoexec:latest
imagePullPolicy: Always
name: wait
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/run/docker.sock
name: docker-sock
readOnly: true
- mountPath: /mainctrfs/argo/staging
name: argo-staging
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access-jj5hr
readOnly: true
- args:
- /argo/staging/script
command:
- bash
env:
- name: ARGO_CONTAINER_NAME
value: main
- name: ARGO_TEMPLATE
value: '{"name":"wait-seldon-resource-template","inputs":{},"outputs":{},"metadata":{"annotations":{"sidecar.istio.io/inject":"false"}},"script":{"name":"","image":"bitnami/kubectl:1.17","command":["bash"],"resources":{},"source":"sleep
5\nkubectl rollout status \\\n deploy/$(kubectl get deploy -l seldon-deployment-id=\"sklearn\"
-o jsonpath=''{.items[0].metadata.name}'')\n"}}'
- name: ARGO_INCLUDE_SCRIPT_OUTPUT
value: "false"
- name: ARGO_DEADLINE
value: "0001-01-01T00:00:00Z"
image: bitnami/kubectl:1.17
imagePullPolicy: IfNotPresent
name: main
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /argo/staging
name: argo-staging
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access-jj5hr
readOnly: true
dnsPolicy: ClusterFirst
enableServiceLinks: true
initContainers:
- command:
- argoexec
- init
- --loglevel
- info
env:
- name: ARGO_POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: ARGO_CONTAINER_RUNTIME_EXECUTOR
- name: GODEBUG
value: x509ignoreCN=0
- name: ARGO_WORKFLOW_NAME
value: seldon-batch-process
- name: ARGO_CONTAINER_NAME
value: init
- name: ARGO_TEMPLATE
value: '{"name":"wait-seldon-resource-template","inputs":{},"outputs":{},"metadata":{"annotations":{"sidecar.istio.io/inject":"false"}},"script":{"name":"","image":"bitnami/kubectl:1.17","command":["bash"],"resources":{},"source":"sleep
5\nkubectl rollout status \\\n deploy/$(kubectl get deploy -l seldon-deployment-id=\"sklearn\"
-o jsonpath=''{.items[0].metadata.name}'')\n"}}'
- name: ARGO_INCLUDE_SCRIPT_OUTPUT
value: "false"
- name: ARGO_DEADLINE
value: "0001-01-01T00:00:00Z"
image: quay.io/argoproj/argoexec:latest
imagePullPolicy: Always
name: init
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /argo/staging
name: argo-staging
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access-jj5hr
readOnly: true
nodeName: docker-desktop
preemptionPolicy: PreemptLowerPriority
priority: 0
restartPolicy: Never
schedulerName: default-scheduler
securityContext: {}
serviceAccount: default
serviceAccountName: default
terminationGracePeriodSeconds: 30
tolerations:
- effect: NoExecute
key: node.kubernetes.io/not-ready
operator: Exists
tolerationSeconds: 300
- effect: NoExecute
key: node.kubernetes.io/unreachable
operator: Exists
tolerationSeconds: 300
volumes:
- hostPath:
path: /var/run/docker.sock
type: Socket
name: docker-sock
- emptyDir: {}
name: argo-staging
- name: kube-api-access-jj5hr
projected:
defaultMode: 420
sources:
- serviceAccountToken:
expirationSeconds: 3607
path: token
- configMap:
items:
- key: ca.crt
path: ca.crt
name: kube-root-ca.crt
- downwardAPI:
items:
- fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
path: namespace
моя версия арго:
(base) ➜ seldon-batch argo version
argo: v3.1.5
BuildDate: 2021-08-04T07:03:32Z
GitCommit: 3dbee0ec368f3ea8c31f49c8b1a4617cc32bcce9
GitTreeState: clean
GitTag: v3.1.5
GoVersion: go1.15.7
Compiler: gc
Platform: darwin/amd64