Amazon web services Kubernetes mount.nfs:在EKS上装载时服务器拒绝访问
我正在尝试使用PV和PVC作为NFS挂载,在AWS EKS上的prem共享上挂载windows NAS。 EKS节点位于NAT网关后面,因此NAS共享已导出到NAT网关的专用ip。 在此之后,当我试图将NFS卷装载到应用程序上时,我遇到了拒绝访问错误。 我的PV如下所述:Amazon web services Kubernetes mount.nfs:在EKS上装载时服务器拒绝访问,amazon-web-services,amazon-eks,mount,nfs,nas,Amazon Web Services,Amazon Eks,Mount,Nfs,Nas,我正在尝试使用PV和PVC作为NFS挂载,在AWS EKS上的prem共享上挂载windows NAS。 EKS节点位于NAT网关后面,因此NAS共享已导出到NAT网关的专用ip。 在此之后,当我试图将NFS卷装载到应用程序上时,我遇到了拒绝访问错误。 我的PV如下所述: apiVersion: v1 kind: PersistentVolume metadata: name: app1 spec: accessModes: - ReadWriteMany capacity:
apiVersion: v1
kind: PersistentVolume
metadata:
name: app1
spec:
accessModes:
- ReadWriteMany
capacity:
storage: 50Gi
nfs:
path: "/vol/dir1/subdir Store"
server: 10.999.85.108
mountOptions:
- nfsvers=3
claimRef:
namespace: dev
name: app1
persistentVolumeReclaimPolicy: Retain
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: app1
namespace: dev
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 50Gi
volumeName: app1
volumeMode: Filesystem
storageClassName: ""
apiVersion: v1
kind: Pod
metadata:
annotations:
kubernetes.io/psp: eks.privileged
name: app1
namespace: dev
spec:
containers:
- command:
- R
- -e app1::runapp1()
image: registry/app1Image
imagePullPolicy: Always
name: app1
ports:
- containerPort: 3838
protocol: TCP
resources: {}
securityContext:
privileged: false
volumeMounts:
- mountPath: /mnt/store_ch
name: app1
nodeName: ip-10-64-199-10.ec2.internal
restartPolicy: Always
securityContext:
runAsGroup: 101
runAsUser: 1000
volumes:
- name: app1
persistentVolumeClaim:
claimName: app1
readOnly: true
我的pvc如下所述:
apiVersion: v1
kind: PersistentVolume
metadata:
name: app1
spec:
accessModes:
- ReadWriteMany
capacity:
storage: 50Gi
nfs:
path: "/vol/dir1/subdir Store"
server: 10.999.85.108
mountOptions:
- nfsvers=3
claimRef:
namespace: dev
name: app1
persistentVolumeReclaimPolicy: Retain
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: app1
namespace: dev
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 50Gi
volumeName: app1
volumeMode: Filesystem
storageClassName: ""
apiVersion: v1
kind: Pod
metadata:
annotations:
kubernetes.io/psp: eks.privileged
name: app1
namespace: dev
spec:
containers:
- command:
- R
- -e app1::runapp1()
image: registry/app1Image
imagePullPolicy: Always
name: app1
ports:
- containerPort: 3838
protocol: TCP
resources: {}
securityContext:
privileged: false
volumeMounts:
- mountPath: /mnt/store_ch
name: app1
nodeName: ip-10-64-199-10.ec2.internal
restartPolicy: Always
securityContext:
runAsGroup: 101
runAsUser: 1000
volumes:
- name: app1
persistentVolumeClaim:
claimName: app1
readOnly: true
吊舱舱单如下所述:
apiVersion: v1
kind: PersistentVolume
metadata:
name: app1
spec:
accessModes:
- ReadWriteMany
capacity:
storage: 50Gi
nfs:
path: "/vol/dir1/subdir Store"
server: 10.999.85.108
mountOptions:
- nfsvers=3
claimRef:
namespace: dev
name: app1
persistentVolumeReclaimPolicy: Retain
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: app1
namespace: dev
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 50Gi
volumeName: app1
volumeMode: Filesystem
storageClassName: ""
apiVersion: v1
kind: Pod
metadata:
annotations:
kubernetes.io/psp: eks.privileged
name: app1
namespace: dev
spec:
containers:
- command:
- R
- -e app1::runapp1()
image: registry/app1Image
imagePullPolicy: Always
name: app1
ports:
- containerPort: 3838
protocol: TCP
resources: {}
securityContext:
privileged: false
volumeMounts:
- mountPath: /mnt/store_ch
name: app1
nodeName: ip-10-64-199-10.ec2.internal
restartPolicy: Always
securityContext:
runAsGroup: 101
runAsUser: 1000
volumes:
- name: app1
persistentVolumeClaim:
claimName: app1
readOnly: true
在这种情况下,我还需要做什么?
我已确保为NFS流量打开了适当的端口。
有人能帮忙吗