自从我将我的 Digital Ocean 集群更新到 Kubernetes 1.20 以来,我在像这样的部署和 statefulsets 上安装 nfs 卷时出现多个错误:
Unable to attach or mount volumes: unmounted volumes=[storage], unattached volumes=[storage kube-api-access-p2rxg config]: timed out waiting for the condition
或者这个:
MountVolume.SetUp failed for volume "pvc-45b42793-b47d-4fab-afd7-c05a38c59d94" : mount failed: exit status 32 Mounting command: mount Mounting arguments: -t nfs -o vers=3 10.245.244.118:/export/pvc-45b42793-b47d-4fab-afd7-c05a38c59d94 /var/lib/kubelet/pods/f5f46e8f-4078-4a54-8c40-f2f2f50e3cfa/volumes/kubernetes.io~nfs/pvc-45b42793-b47d-4fab-afd7-c05a38c59d94 Output: mount.nfs: access denied by server while mounting 10.245.244.118:/export/pvc-45b42793-b47d-4fab-afd7-c05a38c59d94
PV 和 PVC 都很好,绑定并且显示没有错误,我找不到解决方法...
例如一个redis配置:
Name: toolib-dev-redis-0
Namespace: default
Priority: 0
Node: pool-8gb-4vcpu-8s3aw/10.135.114.203
Start Time: Thu, 22 Jul 2021 14:08:27 +0200
Labels: app=redis
chart=redis-10.7.11
controller-revision-hash=toolib-dev-redis-ccb4d5475
release=toolib-dev
role=master
statefulset.kubernetes.io/pod-name=toolib-dev-redis-0
Annotations: checksum/configmap: 0737f5e9fab2f644768e1df5f0b7c23b6f98ebfb2dacf2ed33bec6fceac68dae
checksum/health: 9ecbeadea17dee912ca49a508bd60b76ae75ef4e0b1577f98838e4bd939adc46
checksum/secret: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
prometheus.io/port: 9121
prometheus.io/scrape: true
Status: Pending
IP:
IPs: <none>
Controlled By: StatefulSet/toolib-dev-redis
Containers:
redis:
Container ID:
Image: docker.io/bitnami/redis:6.0.5-debian-10-r32
Image ID:
Port: 6379/TCP
Host Port: 0/TCP
Command:
/bin/bash
-c
if [[ -n $REDIS_PASSWORD_FILE ]]; then
password_aux=`cat ${REDIS_PASSWORD_FILE}`
export REDIS_PASSWORD=$password_aux
fi
if [[ ! -f /opt/bitnami/redis/etc/master.conf ]];then
cp /opt/bitnami/redis/mounted-etc/master.conf /opt/bitnami/redis/etc/master.conf
fi
if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then
cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf
fi
ARGS=("--port" "${REDIS_PORT}")
ARGS+=("--protected-mode" "no")
ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf")
ARGS+=("--include" "/opt/bitnami/redis/etc/master.conf")
/run.sh ${ARGS[@]}
State: Waiting
Reason: ContainerCreating
Ready: False
Restart Count: 0
Liveness: exec [sh -c /health/ping_liveness_local.sh 5] delay=5s timeout=5s period=5s #success=1 #failure=5
Readiness: exec [sh -c /health/ping_readiness_local.sh 5] delay=5s timeout=1s period=5s #success=1 #failure=5
Environment:
REDIS_REPLICATION_MODE: master
ALLOW_EMPTY_PASSWORD: yes
REDIS_TLS_ENABLED: no
REDIS_PORT: 6379
Mounts:
/data from redis-data (rw)
/health from health (rw)
/opt/bitnami/redis/etc/ from redis-tmp-conf (rw)
/opt/bitnami/redis/mounted-etc from config (rw)
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-kdlx4 (ro)
metrics:
Container ID:
Image: docker.io/bitnami/redis-exporter:1.9.0-debian-10-r2
Image ID:
Port: 9121/TCP
Host Port: 0/TCP
Command:
/bin/bash
-c
if [[ -f '/secrets/redis-password' ]]; then
export REDIS_PASSWORD=$(cat /secrets/redis-password)
fi
redis_exporter
State: Waiting
Reason: ContainerCreating
Ready: False
Restart Count: 0
Environment:
REDIS_ALIAS: toolib-dev-redis
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-kdlx4 (ro)
Conditions:
Type Status
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
redis-data:
Type: PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
ClaimName: redis-data-toolib-dev-redis-0
ReadOnly: false
health:
Type: ConfigMap (a volume populated by a ConfigMap)
Name: toolib-dev-redis-health
Optional: false
config:
Type: ConfigMap (a volume populated by a ConfigMap)
Name: toolib-dev-redis
Optional: false
redis-tmp-conf:
Type: EmptyDir (a temporary directory that shares a pod's lifetime)
Medium:
SizeLimit: <unset>
kube-api-access-kdlx4:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional: <nil>
DownwardAPI: true
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 2m58s default-scheduler Successfully assigned default/toolib-dev-redis-0 to pool-8gb-4vcpu-8s3aw
Warning FailedMount 55s kubelet Unable to attach or mount volumes: unmounted volumes=[redis-data], unattached volumes=[health redis-data config redis-tmp-conf kube-api-access-kdlx4]: timed out waiting for the condition
Warning FailedMount 47s kubelet MountVolume.SetUp failed for volume "pvc-0f1b9dca-e53a-47e5-aaa9-a0c33af58081" : mount failed: exit status 32
Mounting command: mount
Mounting arguments: -t nfs -o vers=3 10.245.165.123:/export/pvc-0f1b9dca-e53a-47e5-aaa9-a0c33af58081 /var/lib/kubelet/pods/384b9414-5522-4731-96e6-28c7d5514c29/volumes/kubernetes.io~nfs/pvc-0f1b9dca-e53a-47e5-aaa9-a0c33af58081
Output: mount.nfs: Connection timed out
聚氯乙烯:
Name: redis-data-toolib-dev-redis-0
Namespace: default
StorageClass: nfs
Status: Bound
Volume: pvc-0f1b9dca-e53a-47e5-aaa9-a0c33af58081
Labels: app=redis
component=master
heritage=Helm
release=toolib-dev
role=master
Annotations: pv.kubernetes.io/bind-completed: yes
pv.kubernetes.io/bound-by-controller: yes
volume.beta.kubernetes.io/storage-provisioner: cluster.local/toolib-dev-nfs-server-provisioner
Finalizers: [kubernetes.io/pvc-protection]
Capacity: 1Gi
Access Modes: RWO
VolumeMode: Filesystem
Used By: toolib-dev-redis-0
Events: <none>
PV:
Name: pvc-0f1b9dca-e53a-47e5-aaa9-a0c33af58081
Labels: <none>
Annotations: EXPORT_block:
EXPORT
{
Export_Id = 3;
Path = /export/pvc-0f1b9dca-e53a-47e5-aaa9-a0c33af58081;
Pseudo = /export/pvc-0f1b9dca-e53a-47e5-aaa9-a0c33af58081;
Access_Type = RW;
Squash = no_root_squash;
SecType = sys;
Filesystem_id = 3.3;
FSAL {
Name = VFS;
}
}
Export_Id: 3
Project_Id: 0
Project_block:
Provisioner_Id: 395bd01e-ad2b-11e9-8ba9-da1e9ed97b98
kubernetes.io/createdby: nfs-dynamic-provisioner
pv.kubernetes.io/provisioned-by: cluster.local/toolib-dev-nfs-server-provisioner
Finalizers: [kubernetes.io/pv-protection]
StorageClass: nfs
Status: Bound
Claim: default/redis-data-toolib-dev-redis-0
Reclaim Policy: Delete
Access Modes: RWO
VolumeMode: Filesystem
Capacity: 1Gi
Node Affinity: <none>
Message:
Source:
Type: NFS (an NFS mount that lasts the lifetime of a pod)
Server: 10.245.165.123
Path: /export/pvc-0f1b9dca-e53a-47e5-aaa9-a0c33af58081
ReadOnly: false
Events: <none>
kube-api-access 在这个 kubernetes 版本中好像是新的,不知道怎么处理
我尝试了什么:
更新每个节点并为 nfs 卷安装 libnfs-utils 和其他有用的东西
更新我正在使用的图表
删除卷并重新创建
更新我的 nfs-server-provisioner
尝试一些我发现的堆栈溢出解决方案(比如这个MountVolume.SetUp failed for volume "nfs" : mount failed: exit status 32)
关于堆栈的第一个问题,希望我能得到帮助,谢谢!