Kubernetes 手动AKS PV出现故障,并出现“故障”;卷“的新SmbGlobalMapping MountVolume.SetUp失败;错误
我正在尝试在Windows AKS pod上装载azureFile卷,但出现错误: kubelet,MountVolume.SetUp卷“fileshare”的安装失败: 新SmbGlobalMapping失败:fork/exec C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe:该 参数不正确,输出:“ 我的pod.yml看起来像:Kubernetes 手动AKS PV出现故障,并出现“故障”;卷“的新SmbGlobalMapping MountVolume.SetUp失败;错误,kubernetes,azure-aks,Kubernetes,Azure Aks,我正在尝试在Windows AKS pod上装载azureFile卷,但出现错误: kubelet,MountVolume.SetUp卷“fileshare”的安装失败: 新SmbGlobalMapping失败:fork/exec C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe:该 参数不正确,输出:“ 我的pod.yml看起来像: apiVersion: v1 kind: Pod metadata: name: q-pod
apiVersion: v1
kind: Pod
metadata:
name: q-pod-sample-03
namespace: mq
spec:
containers:
- image: test.azurecr.io/q/p:01
name: q-ctr-sample-03
imagePullPolicy: "IfNotPresent"
volumeMounts:
- name: azfileshare
mountPath: 'c:/app/app-data'
nodeSelector:
"beta.kubernetes.io/os": windows
volumes:
- name: azfs
azureFile:
secretName: qastapv-share-01-secret
shareName: qastapv-share-01
readOnly: false
apiVersion: v1
kind: Secret
metadata:
name: qastapv-share-01-secret
namespace: mq
type: Opaque
data:
azurestorageaccountname: <Base64Str>
azurestorageaccountkey: <Base64Str>
apiVersion: v1
kind: PersistentVolume
metadata:
name: pv-azfs-q-01
namespace: mq
spec:
capacity:
storage: 5Gi
accessModes:
- ReadWriteMany
azureFile:
secretName: qastapv-share-01-secret
shareName: qastapv-share-01
readOnly: false
mountOptions:
- dir_mode=0777
- file_mode=0777
- uid=1000
- gid=1000
我的秘密.yml看起来像:
apiVersion: v1
kind: Pod
metadata:
name: q-pod-sample-03
namespace: mq
spec:
containers:
- image: test.azurecr.io/q/p:01
name: q-ctr-sample-03
imagePullPolicy: "IfNotPresent"
volumeMounts:
- name: azfileshare
mountPath: 'c:/app/app-data'
nodeSelector:
"beta.kubernetes.io/os": windows
volumes:
- name: azfs
azureFile:
secretName: qastapv-share-01-secret
shareName: qastapv-share-01
readOnly: false
apiVersion: v1
kind: Secret
metadata:
name: qastapv-share-01-secret
namespace: mq
type: Opaque
data:
azurestorageaccountname: <Base64Str>
azurestorageaccountkey: <Base64Str>
apiVersion: v1
kind: PersistentVolume
metadata:
name: pv-azfs-q-01
namespace: mq
spec:
capacity:
storage: 5Gi
accessModes:
- ReadWriteMany
azureFile:
secretName: qastapv-share-01-secret
shareName: qastapv-share-01
readOnly: false
mountOptions:
- dir_mode=0777
- file_mode=0777
- uid=1000
- gid=1000
我错过了什么?
我使用的是AKS 1.14。正如我看到的,您的yaml文件中有一些错误。首先,在pod yaml文件中:
apiVersion: v1
kind: Pod
metadata:
name: q-pod-sample-03
namespace: mq
spec:
containers:
- image: test.azurecr.io/q/p:01
name: q-ctr-sample-03
imagePullPolicy: "IfNotPresent"
volumeMounts:
- name: azfileshare
mountPath: 'c:/app/app-data'
nodeSelector:
"beta.kubernetes.io/os": windows
volumes:
- name: azfileshare # this name should be the same with the name in volumeMounts
azureFile:
secretName: qastapv-share-01-secret
shareName: qastapv-share-01
readOnly: false
我不知道如何将存储帐户名和密钥转换为base64。我还展示了两种在AKS中创建秘密的方法
一种是使用命令创建,如下所示:
kubectl create secret generic azure-secret --from-literal=azurestorageaccountname=$AKS_PERS_STORAGE_ACCOUNT_NAME --from-literal=azurestorageaccountkey=$STORAGE_KEY
echo 'storageAccountName' | base64
echo 'storageAccountKey' | base64
第二种方法是使用yaml文件,将存储帐户名和密钥转换为base64,并在yaml文件中输入,如下所示:
kubectl create secret generic azure-secret --from-literal=azurestorageaccountname=$AKS_PERS_STORAGE_ACCOUNT_NAME --from-literal=azurestorageaccountkey=$STORAGE_KEY
echo 'storageAccountName' | base64
echo 'storageAccountKey' | base64
显示和输入上述命令的输出时显示yaml文件
按照上述步骤,您不需要创建PV个人
有关更多详细信息,请参阅。如果你想使用PV/PVC,看看
更新:
如果使用yaml文件创建机密,还需要注意将字符串转换为base64的操作系统。对于base64,不同的操作系统可能有不同的规则。对于您来说,您使用Windows节点,因此需要在Windows系统上将存储帐户名和密钥转换为base64。下面是要转换的PowerShell命令:
$Name= [System.Text.Encoding]::UTF8.GetBytes("storageAccountName ")
[System.Convert]::ToBase64String($Name )
$Key = [System.Text.Encoding]::UTF8.GetBytes("storageAccountKey")
[System.Convert]::ToBase64String($Key)
Pod创建再次失败:*卷“azfileshare”的MountVolume.SetUp失败:新SmbGlobalMapping失败:退出状态1,输出:“新建SmbGlobalMapping:参数不正确\r\n行:1个字符:190\r\n+。。。ser$PWord;新建SmbGlobalMapping-RemotePath$Env:SMBMRemotePath-Cred…\r\n+~~~~~~~~\r\n+类别信息:InvalidArgument:(MSFT\u SmbGlobalMapping:ROOT/Microsoft/…mbGlobalMapping)[新建SmbGloba\r\n lMapping],CimException\r\n+FullyQualifiederRoid:Windows系统错误87,新建SmbGlobalMapping\r\n\r\n\r\n“**如果我从cmdline创建机密,则它会工作。但现在出现了不同的错误:*未能拉取映像“test.azurecr.io/q/p:01”:rpc错误:code=Unknown desc=来自守护进程的错误响应:Get:unauthorized:authentication required**我按照@Sam所述的步骤操作了这是一个正常错误。您可以检查是否使用了错误的图像。您还需要在ACR中检查AKS在其访问控制中是否被允许。@Sam I更新使用yaml文件创建机密的答案。你的错误是由操作系统造成的。我没有意识到我需要同时转换密钥和名称。但现在它就像一个符咒。谢谢