Double Level Softlink

This blog shows how double level softlink can be a good workaround for some situations.

We need to link persistent data to a directory under / in a container or pod, for example: /data, this folder is owned by demo, demo is also the start user of the container.

在pod中有个/data folder, owned by demo,我们想persist这个folder的内容. 在这个pod中有个mount point /mnt. 于是想把/data map到 /mnt/data.

1
2
3
# ln -s <target> <link name>
# 这样相当于/mnt/data 是个link
ln -s /data /mnt/data

这样是不对的,从pod外部的storage provisioner看 /min/data仅仅是个borken link.

The correct way is first remove /data then ln -s /mnt/data /data (/data变成了快捷方式,所以写入/data的内容实际上被写入了/mnt/data), but demo is a non-root user without super privilege, it cannot remove /data (/ is owned by root).

Let’s see how double level softlink can help:

  1. first in docker build time remove /data: rm -rf /data
  2. create a intermediary: mkdir -p /home/demo/data && chown demo:demo /home/demo/data
  3. link: ln -s /home/demo/data /data

then commit the changes into image.

when container start, in the entrypoint:

  1. first remove /home/demo/data: rm -rf /home/demo/data, this will make link to /data break.
  2. create another link: ln -s /mnt/data /home/demo/data, now link connected and fixed.

So finally the link structure is:

1
/mnt/data -> /home/demo/data -> /data

/home/demo/data is a agent between persistent mount/mnt/data and /data.

0%