【问题标题】:Jenkins is not mounting the AWS EFS file system and using the default volume insteadJenkins 没有挂载 AWS EFS 文件系统,而是使用默认卷
【发布时间】:2021-10-21 10:58:19
【问题描述】:

我正在尝试在 EKS 上使用带有 EFS 持久性卷的 jenkins。但是,我试图让它使用提供的 EFS 文件系统的所有尝试都没有成功。让我感到奇怪的是,当我使用 busybox 映像进行测试时,EFS 已成功挂载,并且可以看到写入共享存储的数据。

EFS 定义

resource "aws_efs_file_system" "jenkins_shared_file_system" {
  creation_token   = "Jenkins shared file system"
  performance_mode = "generalPurpose"
  throughput_mode  = "bursting"
  encrypted        = true
  tags             = {
    Name = "Jenkins shared file system"
  }
}

resource "aws_efs_mount_target" "jenkins_efs_private_subnet_1_mount_target" {
  file_system_id  = aws_efs_file_system.jenkins_shared_file_system.id
  subnet_id       = aws_subnet.ci_cd_private_subnet_1.id
  security_groups = [aws_security_group.jenkins_efs_sg.id]
}

resource "aws_efs_mount_target" "jenkins_efs_private_subnet_2_mount_target" {
  file_system_id  = aws_efs_file_system.jenkins_shared_file_system.id
  subnet_id       = aws_subnet.ci_cd_private_subnet_2.id
  security_groups = [aws_security_group.jenkins_efs_sg.id]
}

resource "aws_efs_access_point" "jenkins_efs_access_point" {
  file_system_id = aws_efs_file_system.jenkins_shared_file_system.id
  tags = {
    Name = "Jenkins EFS access point"
  }
  posix_user {
    gid = 1000
    uid = 1000
  }
  root_directory  {
    path          = "/jenkins"
    creation_info  {
      owner_uid   = 1000
      owner_gid   = 1000
      permissions = 777
    }
  }
}

按照https://docs.aws.amazon.com/eks/latest/userguide/efs-csi.html 的说明安装 CSI 驱动程序

这里是持久化配置

apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: efs-sc
provisioner: efs.csi.aws.com

---

apiVersion: v1
kind: PersistentVolume
metadata:
  name: efs-pv
  namespace: jenkins
spec:
  capacity:
    storage: 5Gi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain
  storageClassName: efs-sc
  csi:
    driver: efs.csi.aws.com
    volumeHandle: fs-12345::fsap-12345

---

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: efs-pvc
  namespace: jenkins
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: efs-sc
  resources:
    requests:
      storage: 5Gi

和詹金斯价值观配置

controller:
  componentName: jenkins-controller
  image: "jenkins/jenkins"
  tag: lts-jdk11
  imagePullPolicy: IfNotPresent
  installPlugins: false
  disableRememberMe: false
  resources:
    requests:
      cpu: 2
      memory: 2Gi
    limits:
      cpu: 6
      memory: 4Gi
  runAsUser: 1000
  fsGroup: 1000
  serviceType: ClusterIP
  persistence:
    enabled: true
    existingClaim: efs-pvc
    storageClassName: efs-sc

  ingress:
    enabled: true
    apiVersion: "networking.k8s.io/v1"
    ingressClassName: nginx
    kubernetes.io/ingress.class: nginx
    rules:
    - host: foo.jenkins.com
      http:
        paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: jenkins
              port:
                number: 80
    tls:
     - secretName: jenkins-tls
       hosts:
         - foo.jenkins.com

使用 helm 部署 jenkins 之前的输出

kubernetes git:(jenkins) ✗ kc get sc,pv,pvc -n jenkins
NAME                                        PROVISIONER             RECLAIMPOLICY   VOLUMEBINDINGMODE      ALLOWVOLUMEEXPANSION   AGE
storageclass.storage.k8s.io/efs-sc          efs.csi.aws.com         Delete          Immediate              false                  11m
storageclass.storage.k8s.io/gp2 (default)   kubernetes.io/aws-ebs   Delete          WaitForFirstConsumer   false                  69m

NAME                      CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM             STORAGECLASS   REASON   AGE
persistentvolume/efs-pv   5Gi        RWX            Retain           Bound    jenkins/efs-pvc   efs-sc                  11m

NAME                            STATUS   VOLUME   CAPACITY   ACCESS MODES   STORAGECLASS   AGE
persistentvolumeclaim/efs-pvc   Bound    efs-pv   5Gi        RWX            efs-sc         11m

部署后

NAME                                        PROVISIONER             RECLAIMPOLICY   VOLUMEBINDINGMODE      ALLOWVOLUMEEXPANSION   AGE
storageclass.storage.k8s.io/efs-sc          efs.csi.aws.com         Delete          Immediate              false                  15m
storageclass.storage.k8s.io/gp2 (default)   kubernetes.io/aws-ebs   Delete          WaitForFirstConsumer   false                  73m

NAME                                                        CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM             STORAGECLASS   REASON   AGE
persistentvolume/efs-pv                                     5Gi        RWX            Retain           Bound    jenkins/efs-pvc   efs-sc                  15m
persistentvolume/pvc-94adfdfb-a1db-4f16-8189-84ac20474607   8Gi        RWO            Delete           Bound    jenkins/jenkins   gp2                     12s

NAME                            STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
persistentvolumeclaim/efs-pvc   Bound    efs-pv                                     5Gi        RWX            efs-sc         15m
persistentvolumeclaim/jenkins   Bound    pvc-94adfdfb-a1db-4f16-8189-84ac20474607   8Gi        RWO            gp2            17s

当我在 pod 内执行时,mount 的输出显示没有 NFS 挂载卷。这真的很奇怪

非常感谢任何帮助。谢谢!

【问题讨论】:

    标签: jenkins kubernetes kubernetes-helm amazon-eks amazon-efs


    【解决方案1】:

    经过一整天的头撞墙后,良好的休息和清醒的头脑帮助我解决了这个问题。 问题是持久化块应该是独立的,而不是在控制器块之下。

    persistence:
        enabled: true
        existingClaim: efs-pvc
        storageClassName: efs-sc
    
    controller:
      componentName: jenkins-controller
      image: "jenkins/jenkins"
      tag: lts-jdk11
      imagePullPolicy: IfNotPresent
      installPlugins: false
      disableRememberMe: false
      resources:
        requests:
          cpu: 2
          memory: 2Gi
        limits:
          cpu: 6
          memory: 4Gi
      runAsUser: 1000
      fsGroup: 1000
      serviceType: ClusterIP
      
    
      ingress:
        enabled: true
        apiVersion: "networking.k8s.io/v1"
        ingressClassName: nginx
        kubernetes.io/ingress.class: nginx
        rules:
        - host: foo.jenkins.com
          http:
            paths:
            - path: /
              pathType: Prefix
              backend:
                service:
                  name: jenkins
                  port:
                    number: 80
        tls:
         - secretName: jenkins-tls
           hosts:
             - foo.jenkins.com
    
    
    

    【讨论】:

      猜你喜欢
      • 2021-06-08
      • 2019-05-11
      • 2022-01-16
      • 1970-01-01
      • 2021-12-03
      • 2022-01-24
      • 1970-01-01
      • 2019-07-22
      • 1970-01-01
      相关资源
      最近更新 更多