操作系统信息
银河麒麟 V10
Kubernetes版本信息
1.23.17
容器运行时
docker 19
KubeSphere版本信息
3.4.1 使用kk安装
问题是什么
在已经安装好的KubeSphere情况下,启动日志组件,报错
Error: failed to start container “opensearch”: Error response from daemon: OCI runtime create failed: container_linux.go:318: starting container process caused “chdir to cwd (\”/usr/share/opensearch\“) set in config.json failed: permission denied”: unknown
配置文件如下
kind: StatefulSet
apiVersion: apps/v1
metadata:
name: opensearch-cluster-data
namespace: kubesphere-logging-system
labels:
app.kubernetes.io/component: opensearch-cluster-data
app.kubernetes.io/instance: opensearch-data
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: opensearch
app.kubernetes.io/version: 2.6.0
helm.sh/chart: opensearch-2.11.0
annotations:
kubesphere.io/creator: admin
majorVersion: '2'
meta.helm.sh/release-name: opensearch-data
meta.helm.sh/release-namespace: kubesphere-logging-system
spec:
replicas: 2
selector:
matchLabels:
app.kubernetes.io/instance: opensearch-data
app.kubernetes.io/name: opensearch
template:
metadata:
name: opensearch-cluster-data
creationTimestamp: null
labels:
app.kubernetes.io/component: opensearch-cluster-data
app.kubernetes.io/instance: opensearch-data
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: opensearch
app.kubernetes.io/version: 2.6.0
helm.sh/chart: opensearch-2.11.0
annotations:
configchecksum: 7ae9ee8976556684117227f195eef403383946c42d4a80240e54080c8fb0393
kubesphere.io/creator: admin
kubesphere.io/restartedAt: '2025-10-30T11:30:49.149Z'
spec:
volumes:
- name: config
configMap:
name: opensearch-cluster-data-config
defaultMode: 420
initContainers:
- name: fsgroup-volume
image: 'busybox:latest'
command:
- sh
- '-c'
args:
- 'chown -R 1000:1000 /usr/share/opensearch/data'
resources: {}
volumeMounts:
- name: opensearch-cluster-data
mountPath: /usr/share/opensearch/data
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
imagePullPolicy: Always
securityContext:
runAsUser: 0
containers:
- name: opensearch
image: 'registry.cn-beijing.aliyuncs.com/kubesphereio/opensearch:2.6.0'
ports:
- name: http
containerPort: 9200
protocol: TCP
- name: transport
containerPort: 9300
protocol: TCP
env:
- name: node.name
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: discovery.seed_hosts
value: opensearch-cluster-master-headless
- name: cluster.name
value: opensearch-cluster
- name: network.host
value: 0.0.0.0
- name: OPENSEARCH_JAVA_OPTS
value: '-Xmx1536M -Xms1536M'
- name: node.roles
value: 'ingest,data,remote_cluster_client,'
resources:
requests:
cpu: '1'
memory: 1536Mi
volumeMounts:
- name: opensearch-cluster-data
mountPath: /usr/share/opensearch/data
- name: config
mountPath: /usr/share/opensearch/config/opensearch.yml
subPath: opensearch.yml
readinessProbe:
tcpSocket:
port: 9200
timeoutSeconds: 3
periodSeconds: 5
successThreshold: 1
failureThreshold: 3
startupProbe:
tcpSocket:
port: 9200
initialDelaySeconds: 5
timeoutSeconds: 3
periodSeconds: 10
successThreshold: 1
failureThreshold: 30
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
imagePullPolicy: IfNotPresent
securityContext:
capabilities:
drop:
- ALL
runAsUser: 1000
runAsNonRoot: true
restartPolicy: Always
terminationGracePeriodSeconds: 120
dnsPolicy: ClusterFirst
securityContext:
runAsUser: 1000
fsGroup: 1000
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/instance
operator: In
values:
- opensearch-data
- key: app.kubernetes.io/name
operator: In
values:
- opensearch
topologyKey: kubernetes.io/hostname
schedulerName: default-scheduler
enableServiceLinks: true
volumeClaimTemplates:
- kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: opensearch-cluster-data
creationTimestamp: null
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 20Gi
volumeMode: Filesystem
status:
phase: Pending
serviceName: opensearch-cluster-data-headless
podManagementPolicy: Parallel
updateStrategy:
type: RollingUpdate
revisionHistoryLimit: 10
重装N次都不行,求大佬解答
