自 Kubernetes 1.20 起无法附加或挂载卷

时间:2021-07-22 12:18:49

标签: kubernetes volume mount nfs statefulset

自从我将我的 Digital Ocean 集群更新到 Kubernetes 1.20 以来,我在像这样的部署和 statefulsets 上安装 nfs 卷时出现多个错误:

Unable to attach or mount volumes: unmounted volumes=[storage], unattached volumes=[storage kube-api-access-p2rxg config]: timed out waiting for the condition

或者这个:

MountVolume.SetUp failed for volume "pvc-45b42793-b47d-4fab-afd7-c05a38c59d94" : mount failed: exit status 32 Mounting command: mount Mounting arguments: -t nfs -o vers=3 10.245.244.118:/export/pvc-45b42793-b47d-4fab-afd7-c05a38c59d94 /var/lib/kubelet/pods/f5f46e8f-4078-4a54-8c40-f2f2f50e3cfa/volumes/kubernetes.io~nfs/pvc-45b42793-b47d-4fab-afd7-c05a38c59d94 Output: mount.nfs: access denied by server while mounting 10.245.244.118:/export/pvc-45b42793-b47d-4fab-afd7-c05a38c59d94

PV 和 PVC 都很好,绑定并且显示没有错误,我找不到解决方法...

例如一个redis配置:

Name:           toolib-dev-redis-0
Namespace:      default
Priority:       0
Node:           pool-8gb-4vcpu-8s3aw/10.135.114.203
Start Time:     Thu, 22 Jul 2021 14:08:27 +0200
Labels:         app=redis
                chart=redis-10.7.11
                controller-revision-hash=toolib-dev-redis-ccb4d5475
                release=toolib-dev
                role=master
                statefulset.kubernetes.io/pod-name=toolib-dev-redis-0
Annotations:    checksum/configmap: 0737f5e9fab2f644768e1df5f0b7c23b6f98ebfb2dacf2ed33bec6fceac68dae
                checksum/health: 9ecbeadea17dee912ca49a508bd60b76ae75ef4e0b1577f98838e4bd939adc46
                checksum/secret: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
                prometheus.io/port: 9121
                prometheus.io/scrape: true
Status:         Pending
IP:             
IPs:            <none>
Controlled By:  StatefulSet/toolib-dev-redis
Containers:
  redis:
    Container ID:  
    Image:         docker.io/bitnami/redis:6.0.5-debian-10-r32
    Image ID:      
    Port:          6379/TCP
    Host Port:     0/TCP
    Command:
      /bin/bash
      -c
      if [[ -n $REDIS_PASSWORD_FILE ]]; then
        password_aux=`cat ${REDIS_PASSWORD_FILE}`
        export REDIS_PASSWORD=$password_aux
      fi
      if [[ ! -f /opt/bitnami/redis/etc/master.conf ]];then
        cp /opt/bitnami/redis/mounted-etc/master.conf /opt/bitnami/redis/etc/master.conf
      fi
      if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then
        cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf
      fi
      ARGS=("--port" "${REDIS_PORT}")
      ARGS+=("--protected-mode" "no")
      ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf")
      ARGS+=("--include" "/opt/bitnami/redis/etc/master.conf")
      /run.sh ${ARGS[@]}
      
    State:          Waiting
      Reason:       ContainerCreating
    Ready:          False
    Restart Count:  0
    Liveness:       exec [sh -c /health/ping_liveness_local.sh 5] delay=5s timeout=5s period=5s #success=1 #failure=5
    Readiness:      exec [sh -c /health/ping_readiness_local.sh 5] delay=5s timeout=1s period=5s #success=1 #failure=5
    Environment:
      REDIS_REPLICATION_MODE:  master
      ALLOW_EMPTY_PASSWORD:    yes
      REDIS_TLS_ENABLED:       no
      REDIS_PORT:              6379
    Mounts:
      /data from redis-data (rw)
      /health from health (rw)
      /opt/bitnami/redis/etc/ from redis-tmp-conf (rw)
      /opt/bitnami/redis/mounted-etc from config (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-kdlx4 (ro)
  metrics:
    Container ID:  
    Image:         docker.io/bitnami/redis-exporter:1.9.0-debian-10-r2
    Image ID:      
    Port:          9121/TCP
    Host Port:     0/TCP
    Command:
      /bin/bash
      -c
      if [[ -f '/secrets/redis-password' ]]; then
      export REDIS_PASSWORD=$(cat /secrets/redis-password)
      fi
      redis_exporter
      
    State:          Waiting
      Reason:       ContainerCreating
    Ready:          False
    Restart Count:  0
    Environment:
      REDIS_ALIAS:  toolib-dev-redis
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-kdlx4 (ro)
Conditions:
  Type              Status
  Initialized       True 
  Ready             False 
  ContainersReady   False 
  PodScheduled      True 
Volumes:
  redis-data:
    Type:       PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
    ClaimName:  redis-data-toolib-dev-redis-0
    ReadOnly:   false
  health:
    Type:      ConfigMap (a volume populated by a ConfigMap)
    Name:      toolib-dev-redis-health
    Optional:  false
  config:
    Type:      ConfigMap (a volume populated by a ConfigMap)
    Name:      toolib-dev-redis
    Optional:  false
  redis-tmp-conf:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:     
    SizeLimit:  <unset>
  kube-api-access-kdlx4:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   BestEffort
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type     Reason       Age    From               Message
  ----     ------       ----   ----               -------
  Normal   Scheduled    2m58s  default-scheduler  Successfully assigned default/toolib-dev-redis-0 to pool-8gb-4vcpu-8s3aw
  Warning  FailedMount  55s    kubelet            Unable to attach or mount volumes: unmounted volumes=[redis-data], unattached volumes=[health redis-data config redis-tmp-conf kube-api-access-kdlx4]: timed out waiting for the condition
  Warning  FailedMount  47s    kubelet            MountVolume.SetUp failed for volume "pvc-0f1b9dca-e53a-47e5-aaa9-a0c33af58081" : mount failed: exit status 32
Mounting command: mount
Mounting arguments: -t nfs -o vers=3 10.245.165.123:/export/pvc-0f1b9dca-e53a-47e5-aaa9-a0c33af58081 /var/lib/kubelet/pods/384b9414-5522-4731-96e6-28c7d5514c29/volumes/kubernetes.io~nfs/pvc-0f1b9dca-e53a-47e5-aaa9-a0c33af58081
Output: mount.nfs: Connection timed out

聚氯乙烯:

Name:          redis-data-toolib-dev-redis-0
Namespace:     default
StorageClass:  nfs
Status:        Bound
Volume:        pvc-0f1b9dca-e53a-47e5-aaa9-a0c33af58081
Labels:        app=redis
               component=master
               heritage=Helm
               release=toolib-dev
               role=master
Annotations:   pv.kubernetes.io/bind-completed: yes
               pv.kubernetes.io/bound-by-controller: yes
               volume.beta.kubernetes.io/storage-provisioner: cluster.local/toolib-dev-nfs-server-provisioner
Finalizers:    [kubernetes.io/pvc-protection]
Capacity:      1Gi
Access Modes:  RWO
VolumeMode:    Filesystem
Used By:       toolib-dev-redis-0
Events:        <none>

PV:

Name:            pvc-0f1b9dca-e53a-47e5-aaa9-a0c33af58081
Labels:          <none>
Annotations:     EXPORT_block:
                   
                   EXPORT
                   {
                     Export_Id = 3;
                     Path = /export/pvc-0f1b9dca-e53a-47e5-aaa9-a0c33af58081;
                     Pseudo = /export/pvc-0f1b9dca-e53a-47e5-aaa9-a0c33af58081;
                     Access_Type = RW;
                     Squash = no_root_squash;
                     SecType = sys;
                     Filesystem_id = 3.3;
                     FSAL {
                       Name = VFS;
                     }
                   }
                 Export_Id: 3
                 Project_Id: 0
                 Project_block: 
                 Provisioner_Id: 395bd01e-ad2b-11e9-8ba9-da1e9ed97b98
                 kubernetes.io/createdby: nfs-dynamic-provisioner
                 pv.kubernetes.io/provisioned-by: cluster.local/toolib-dev-nfs-server-provisioner
Finalizers:      [kubernetes.io/pv-protection]
StorageClass:    nfs
Status:          Bound
Claim:           default/redis-data-toolib-dev-redis-0
Reclaim Policy:  Delete
Access Modes:    RWO
VolumeMode:      Filesystem
Capacity:        1Gi
Node Affinity:   <none>
Message:         
Source:
    Type:      NFS (an NFS mount that lasts the lifetime of a pod)
    Server:    10.245.165.123
    Path:      /export/pvc-0f1b9dca-e53a-47e5-aaa9-a0c33af58081
    ReadOnly:  false
Events:        <none>

kube-api-access 在这个 kubernetes 版本中好像是新的,不知道怎么处理

我尝试了什么:

关于堆栈的第一个问题,希望我能得到帮助,谢谢!

0 个答案:

没有答案