【发布时间】:2019-07-03 11:46:30
【问题描述】:
如何在 GCP 中将 FileStorage 挂载到 Kubernetes pod
我确实按照文档进行了操作,但 pod 仍在等待中
我做到了:
apiVersion: v1
kind: PersistentVolume
metadata:
name: <some name>
spec:
capacity:
storage: 50Gi
accessModes:
- ReadWriteMany
nfs:
path: /
server: <filestorage_ip with this format xx.xxx.xxx.xx>
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: <some name>
namespace: <some name>
spec:
accessModes:
- ReadWriteMany
storageClassName: ""
resources:
requests:
storage: 50Gi
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: <some name>
name: <some name>
labels:
app: <some name>
spec:
replicas: 2
selector:
matchLabels:
app: <some name>
template:
metadata:
labels:
app: <some name>
spec:
containers:
- name: <some name>
image: gcr.io/somepath/<some name>@sha256:<some hash>
ports:
- containerPort: 80
volumeMounts:
- name: <some name>
mountPath: /var/www/html
imagePullPolicy: Always
restartPolicy: Always
volumes:
- name: <some name>
persistentVolumeClaim:
claimName: <some name>
readOnly: false
运行kubectl -n <some name> describe pods 返回:
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning FailedMount 23m (x52 over 3h21m) kubelet, gke-<some name>-default-pool-<some hash> Unable to mount volumes for pod "<some name>-<some hash>_<some name>(<some hash>)": timeout expired waiting for volumes to attach or mount for pod "<some name>"/"<some name>-<some hash>". list of unmounted volumes=[<some name>-persistent-storage]. list of unattached volumes=[<some name>-persistent-storage default-token-<some hash>]
Warning FailedMount 3m5s (x127 over 3h21m) kubelet, gke-<some name>-default-pool-<some hash> (combined from similar events): MountVolume.SetUp failed for volume "<some name>-storage" : mount failed: exit status 1
Mounting command: systemd-run
Mounting arguments: --description=Kubernetes transient mount for /var/lib/kubelet/pods/<some path>/volumes/kubernetes.io~nfs/<some name>-storage --scope -- /home/kubernetes/containerized_mounter/mounter mount -t nfs <filestorage_ip with this format xx.xxx.xxx.xx>:/ /var/lib/kubelet/pods/<some hash>/volumes/kubernetes.io~nfs/<some name>-storage
Output: Running scope as unit: run-<some hash>.scope
Mount failed: mount failed: exit status 32
Mounting command: chroot
Mounting arguments: [/home/kubernetes/containerized_mounter/rootfs mount -t nfs <filestorage_ip with this format xx.xxx.xxx.xx>:/ /var/lib/kubelet/pods/<some hash>/volumes/kubernetes.io~nfs/<some name>-storage]
Output: mount.nfs: access denied by server while mounting <filestorage_ip with this format xx.xxx.xxx.xx>:/
pod 似乎无法访问 FileStorage 服务的 IP 在文档中说需要在同一个 VPC 上
"授权网络* 文件存储实例只能从授权 VPC 网络上的机器访问。选择您需要访问的网络。”
但是我不知道如何将 Kubernetes 集群添加到 VPC
有什么建议吗?
【问题讨论】:
-
可以添加
gcloud container clusters describe [CLUSTER_NAME]的输出吗?具体来说,我想根据cloud.google.com/kubernetes-engine/docs/how-to/alias-ips 验证它是否处于“别名 IP”模式。此模式最近才成为新的默认模式,因此如果您的集群是在几周前创建的,它可能无法访问 VPC 原生服务。
标签: kubernetes google-cloud-platform vpc google-cloud-filestore