使用 Docker 和 Kubernetes 构建 SAMBA AD DC 容器会向卷提供错误的内容

我正在为运行 SAMBA Active Directory 域控制器的 Kubernetes 构建一个容器。

我正在通过 Ansible 完成这项工作，并且容器正在部署在 Kubernetes 集群（K3S）中。

Docker 使用以下文件作为其构建的一部分：

etc/krb5.conf
etc/bind/rndc.key
etc/bind/named.conf.local
etc/bind/db.0
etc/bind/db.255
etc/bind/db.empty
etc/bind/named.conf.options
etc/bind/db.local
etc/bind/named.conf
etc/bind/db.127
etc/bind/named.conf.default-zones
etc/supervisor/conf.d/supervisord.conf
etc/freeradius/3.0/mods-available/eap
etc/freeradius/3.0/mods-available/realm
etc/freeradius/3.0/mods-available/ntlm_auth
etc/freeradius/3.0/mods-available/mschap
etc/freeradius/3.0/clients.conf
etc/freeradius/3.0/proxy.conf
etc/freeradius/3.0/sites-available/default
etc/freeradius/3.0/sites-available/inner-tunnel
boot/init.sh
boot/kdb5_util_create.expect
Dockerfile

这个想法是，对于所有文件，容器内的路径都是相同的，但/作为前缀。

然而，当我检查编译后的运行容器时，我发现了一些奇怪的事情。

/etc/samba和/etc/bind的内容/etc/freeradius绝对不应该相同！

我的内容Dockerfile如下：

FROM ubuntu:noble

ENV DEBIAN_FRONTEND noninteractive

# Avoid ERROR: invoke-rc.d: policy-rc.d denied execution of start.
RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d

VOLUME ["/var/lib/samba", "/etc/samba", "/etc/bind", "/etc/freeradius", "/SambaVolume"]

# Setup ssh and install supervisord
RUN apt-get update
RUN apt-get upgrade -y
RUN apt-get install -y openssh-server supervisor ntp mc
RUN mkdir -p /var/run/sshd
RUN mkdir -p /var/log/supervisor
RUN sed -ri 's/PermitRootLogin without-password/PermitRootLogin Yes/g' /etc/ssh/sshd_config

# Add SAMBA VolumeShare location
RUN mkdir -p /SambaVolume

# Install bind9 dns server
RUN apt-get install -y bind9 dnsutils
# Copy tweaked DNS setttings (instead of ADD, due to we want to overwrite any existing files)
COPY etc/bind/* /etc/bind/

# Install samba and dependencies to make it an Active Directory Domain Controller
RUN apt-get install -y samba smbclient winbind libpam-winbind libnss-winbind krb5-kdc libpam-krb5

# Install Freeradius so validate VPN users against samba
RUN apt-get install -y freeradius

# Copy Freeradius customised files
COPY etc/freeradius/ /etc/freeradius/

# Copy customized kerberos configuration file
COPY etc/krb5.conf /etc/

# Install utilities needed for setup
RUN apt-get install -y expect pwgen
ADD boot/kdb5_util_create.expect /root/kdb5_util_create.expect

# Install rsyslog to get better logging of ie. bind9
RUN apt-get install -y rsyslog

# Create run directory for bind9
RUN mkdir -p /var/run/named
RUN chown -R bind:bind /var/run/named

# Add supervisord and init
ADD etc/supervisor/conf.d/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
ADD boot/init.sh /root/init.sh
RUN chmod 755 /root/init.sh
EXPOSE 53/tcp 53/udp 80/tcp 80/udp 88/tcp 88/udp 135/tcp 135/udp 137/tcp 137/udp 
EXPOSE 138/tcp 138/udp 389/tcp 389/udp 443/tcp 443/udp 445/tcp 445/udp 464/tcp 464/udp 
EXPOSE 636/tcp 636/udp 3268/tcp 3268/udp 3269/tcp 3269/udp 9389/tcp 9389/udp
EXPOSE 123/udp 22/tcp 22/udp
ENTRYPOINT ["/root/init.sh"]
CMD ["app:start"]

使用以下命令将编译后的容器存储在本地寄存器中：

  docker build -t samba:latest samba/
  docker tag samba:latest registry.example.com:5000/samba:latest
  docker push registry.example.com:5000/samba:latest  

它通过 Ansible 进行部署，任务如下：

- name: Create SAMBA Deployment
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: apps/v1
      kind: StatefulSet
      metadata:
        name: samba
        namespace: samba-system
        labels:
          app: samba
      spec:
        replicas: 1
        selector:
          matchLabels:
            app: samba
        template:
          metadata:
            labels:
              app: samba
          spec:
            volumes:
              - name: samba-config
                persistentVolumeClaim:
                  claimName: samba-config-vol

            containers:
              - name: samba
                image: registry.example.com:5000/samba:latest
                ports:
                  - containerPort: 123
                    protocol: UDP

#           ### SKIPPING ###

                 - containerPort: 9389
                    protocol: UDP
                  - containerPort: 9389
                    protocol: TCP

                volumeMounts:
                  - name: samba-config
                    mountPath: /etc/samba
                  - name: samba-config
                    mountPath: /etc/bind
                  - name: samba-config
                    mountPath: /etc/freeradius
                  - name: samba-config
                    mountPath: /var/lib/samba

                envFrom:
                  - configMapRef:
                      name: samba-environment-map

                securityContext:
                  priviledged: true
                  allowPrivilegeEscalation: true
                  readOnlyRootFilesystem: false

                  capabilities:
                    add:
                      - ALL

/etc/bind我很奇怪为什么文件夹、/etc/samba和的内容/etc/freeradius相同。

我想我在某处读到您可以persistentVolumeClaim对所有文件夹使用相同的内容？