Amazon web services 无法在kubernetes吊舱中装入只读卷(在AWS EKS中使用EFS CSI驱动程序)
我安装了,并让他们的示例发挥作用:我能够启动一个附加到EFS卷上的文件的pod。我可以删除pod并启动另一个pod来检查该文件,并确认第一个pod写入的数据仍然存在。但我实际上需要做的是以只读方式装入该卷,而我在那里没有运气 请注意,在成功运行该示例之后,我启动了一个EC2实例,并在其中安装了EFS文件系统,然后添加了我的POD需要以只读方式访问的数据。然后我卸载了EFS文件系统并终止了实例 使用下面的配置(基于上面提到的静态配置示例),我的pod不会启动Amazon web services 无法在kubernetes吊舱中装入只读卷(在AWS EKS中使用EFS CSI驱动程序),amazon-web-services,kubernetes,nfs,amazon-eks,efs,Amazon Web Services,Kubernetes,Nfs,Amazon Eks,Efs,我安装了,并让他们的示例发挥作用:我能够启动一个附加到EFS卷上的文件的pod。我可以删除pod并启动另一个pod来检查该文件,并确认第一个pod写入的数据仍然存在。但我实际上需要做的是以只读方式装入该卷,而我在那里没有运气 请注意,在成功运行该示例之后,我启动了一个EC2实例,并在其中安装了EFS文件系统,然后添加了我的POD需要以只读方式访问的数据。然后我卸载了EFS文件系统并终止了实例 使用下面的配置(基于上面提到的静态配置示例),我的pod不会启动运行;它保留在ContainerCrea
运行
;它保留在ContainerCreating
中
存储类别:
$ kubectl get sc efs-sc -o yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"storage.k8s.io/v1","kind":"StorageClass","metadata":{"annotations":{},"name":"efs-sc"},"provisioner":"efs.csi.aws.com"}
creationTimestamp: "2020-01-12T05:36:13Z"
name: efs-sc
resourceVersion: "809880"
selfLink: /apis/storage.k8s.io/v1/storageclasses/efs-sc
uid: 71ecce62-34fd-11ea-8a5f-124f4ee64e8d
provisioner: efs.csi.aws.com
reclaimPolicy: Delete
volumeBindingMode: Immediate
$ kubectl get pvc efs-claim-ro -o yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"v1","kind":"PersistentVolumeClaim","metadata":{"annotations":{},"name":"efs-claim-ro","namespace":"default"},"spec":{"accessModes":["ReadOnlyMany"],"resources":{"requests":{"storage":"5Gi"}},"storageClassName":"efs-sc"}}
pv.kubernetes.io/bind-completed: "yes"
pv.kubernetes.io/bound-by-controller: "yes"
creationTimestamp: "2020-01-12T05:39:18Z"
finalizers:
- kubernetes.io/pvc-protection
name: efs-claim-ro
namespace: default
resourceVersion: "810234"
selfLink: /api/v1/namespaces/default/persistentvolumeclaims/efs-claim-ro
uid: e0498cae-34fd-11ea-8a5f-124f4ee64e8d
spec:
accessModes:
- ReadOnlyMany
resources:
requests:
storage: 5Gi
storageClassName: efs-sc
volumeMode: Filesystem
volumeName: efs-pv-ro
status:
accessModes:
- ReadOnlyMany
capacity:
storage: 5Gi
phase: Bound
持久卷(这是群集中唯一使用EFS存储类的PV):
持久卷声明(这是群集中唯一尝试使用EFS存储类的PVC:
$ kubectl get sc efs-sc -o yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"storage.k8s.io/v1","kind":"StorageClass","metadata":{"annotations":{},"name":"efs-sc"},"provisioner":"efs.csi.aws.com"}
creationTimestamp: "2020-01-12T05:36:13Z"
name: efs-sc
resourceVersion: "809880"
selfLink: /apis/storage.k8s.io/v1/storageclasses/efs-sc
uid: 71ecce62-34fd-11ea-8a5f-124f4ee64e8d
provisioner: efs.csi.aws.com
reclaimPolicy: Delete
volumeBindingMode: Immediate
$ kubectl get pvc efs-claim-ro -o yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"v1","kind":"PersistentVolumeClaim","metadata":{"annotations":{},"name":"efs-claim-ro","namespace":"default"},"spec":{"accessModes":["ReadOnlyMany"],"resources":{"requests":{"storage":"5Gi"}},"storageClassName":"efs-sc"}}
pv.kubernetes.io/bind-completed: "yes"
pv.kubernetes.io/bound-by-controller: "yes"
creationTimestamp: "2020-01-12T05:39:18Z"
finalizers:
- kubernetes.io/pvc-protection
name: efs-claim-ro
namespace: default
resourceVersion: "810234"
selfLink: /api/v1/namespaces/default/persistentvolumeclaims/efs-claim-ro
uid: e0498cae-34fd-11ea-8a5f-124f4ee64e8d
spec:
accessModes:
- ReadOnlyMany
resources:
requests:
storage: 5Gi
storageClassName: efs-sc
volumeMode: Filesystem
volumeName: efs-pv-ro
status:
accessModes:
- ReadOnlyMany
capacity:
storage: 5Gi
phase: Bound
这是Pod。它保持在ContainerCreating
中,并且不会切换到Running
:
$ kubectl get pod efs-app -o yaml
apiVersion: v1
kind: Pod
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"v1","kind":"Pod","metadata":{"annotations":{},"name":"efs-app","namespace":"default"},"spec":{"containers":[{"args":["infinity"],"command":["sleep"],"image":"centos","name":"app","volumeMounts":[{"mountPath":"/data","name":"persistent-storage","subPath":"mmad"}]}],"volumes":[{"name":"persistent-storage","persistentVolumeClaim":{"claimName":"efs-claim-ro"}}]}}
kubernetes.io/psp: eks.privileged
creationTimestamp: "2020-01-12T06:07:08Z"
name: efs-app
namespace: default
resourceVersion: "813420"
selfLink: /api/v1/namespaces/default/pods/efs-app
uid: c3b8421b-3501-11ea-b164-0a9483e894ed
spec:
containers:
- args:
- infinity
command:
- sleep
image: centos
imagePullPolicy: Always
name: app
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /data
name: persistent-storage
subPath: mmad
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: default-token-z97dh
readOnly: true
dnsPolicy: ClusterFirst
enableServiceLinks: true
nodeName: ip-192-168-254-51.ec2.internal
priority: 0
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: default
serviceAccountName: default
terminationGracePeriodSeconds: 30
tolerations:
- effect: NoExecute
key: node.kubernetes.io/not-ready
operator: Exists
tolerationSeconds: 300
- effect: NoExecute
key: node.kubernetes.io/unreachable
operator: Exists
tolerationSeconds: 300
volumes:
- name: persistent-storage
persistentVolumeClaim:
claimName: efs-claim-ro
- name: default-token-z97dh
secret:
defaultMode: 420
secretName: default-token-z97dh
status:
conditions:
- lastProbeTime: null
lastTransitionTime: "2020-01-12T06:07:08Z"
status: "True"
type: Initialized
- lastProbeTime: null
lastTransitionTime: "2020-01-12T06:07:08Z"
message: 'containers with unready status: [app]'
reason: ContainersNotReady
status: "False"
type: Ready
- lastProbeTime: null
lastTransitionTime: "2020-01-12T06:07:08Z"
message: 'containers with unready status: [app]'
reason: ContainersNotReady
status: "False"
type: ContainersReady
- lastProbeTime: null
lastTransitionTime: "2020-01-12T06:07:08Z"
status: "True"
type: PodScheduled
containerStatuses:
- image: centos
imageID: ""
lastState: {}
name: app
ready: false
restartCount: 0
state:
waiting:
reason: ContainerCreating
hostIP: 192.168.254.51
phase: Pending
qosClass: BestEffort
startTime: "2020-01-12T06:07:08Z"
我不确定子路径
是否适用于此配置,但无论子路径
是否在Pod配置中,都会出现相同的问题
问题似乎确实出在卷上。如果我注释掉volumes
和volumeMounts
部分,pod就会运行
PVC似乎已与正确的PV绑定,但pod未启动。
我在上面的输出中看不到任何线索,但也许我遗漏了什么
Kubernetes版本:
Client Version: version.Info{Major:"1", Minor:"14", GitVersion:"v1.14.8", GitCommit:"211047e9a1922595eaa3a1127ed365e9299a6c23", GitTreeState:"clean", BuildDate:"2019-10-15T12:11:03Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"14+", GitVersion:"v1.14.9-eks-c0eccc", GitCommit:"c0eccca51d7500bb03b2f163dd8d534ffeb2f7a2", GitTreeState:"clean", BuildDate:"2019-12-22T23:14:11Z", GoVersion:"go1.12.12", Compiler:"gc", Platform:"linux/amd64"}
aws efs csi驱动程序版本:v.0.2.0。请注意,其中一项要求是在版本1.13.4+中安装Golang,但您有go1.12.12。因此您必须对其进行更新。如果您是从较旧版本的Go升级,则必须首先删除现有版本。 请看这里: Kubernetes 1.14版及更高版本的Amazon EKS群集和工作节点支持此驱动程序。Amazon EKS群集不支持Amazon EFS CSI驱动程序的Alpha功能。 无法在kubernetes吊舱中装入只读卷(在AWS EKS中使用EFS CSI驱动程序)。请尝试将访问模式更改为:
accessModes:
- ReadWriteMany
您可以在此处找到更多信息:
确保在创建EFS文件系统时,可以从Kubernetes群集访问该文件系统。这可以通过在与Kubernetes群集相同的VPC内创建文件系统或使用VPC对等来实现
静态资源调配—首先需要手动创建EFS文件系统,然后可以使用驱动程序将其作为持久卷(PV)装入容器中。
装载选项—可以在持久性卷(PV)中指定装载选项,以定义应如何装载卷。除了正常装载选项外,还可以将tls指定为装载选项,以在EFS文件系统传输过程中启用加密
因为AmazonEFS是一个弹性文件系统,所以它不强制执行任何文件系统容量
限制。永久卷和永久卷声明中的实际存储容量值
创建文件系统时不使用。但是,因为存储容量是必填字段
在Kubernetes中,必须指定一个有效值,如本例中的5Gi
不限制您的Amazon EFS文件系统的大小请注意,其中一项要求是安装Golang的版本为1.13.4+,但您有go1.12.12。因此,您必须对其进行更新。如果您是从旧版本的Go升级,则必须先删除现有版本。 请看这里: Kubernetes 1.14版及更高版本的Amazon EKS群集和工作节点支持此驱动程序。Amazon EKS群集不支持Amazon EFS CSI驱动程序的Alpha功能。 无法在kubernetes吊舱中装入只读卷(在AWS EKS中使用EFS CSI驱动程序)。请尝试将访问模式更改为:
accessModes:
- ReadWriteMany
您可以在此处找到更多信息:
确保在创建EFS文件系统时,可以从Kubernetes群集访问该文件系统。这可以通过在与Kubernetes群集相同的VPC内创建文件系统或使用VPC对等来实现
静态资源调配—首先需要手动创建EFS文件系统,然后可以使用驱动程序将其作为持久卷(PV)装入容器中。
装载选项—可以在持久性卷(PV)中指定装载选项,以定义应如何装载卷。除了正常装载选项外,还可以将tls指定为装载选项,以在EFS文件系统传输过程中启用加密
因为AmazonEFS是一个弹性文件系统,所以它不强制执行任何文件系统容量
限制。永久卷和永久卷声明中的实际存储容量值
创建文件系统时不使用。但是,因为存储容量是必填字段
在Kubernetes中,必须指定一个有效值,如本例中的5Gi
不限制Amazon EFS文件系统的大小