我一直遵循this指南,以便将IBM Cloud对象存储添加到我的集群中。
虽然我已将其与标准群集一起使用,但是在尝试将COS连接到VPC群集时遇到了问题。 (不是同一对象存储库,也不是集群。两个完全不同的环境)
我启用了VRF(并且已经批准),并且已经使用s3.direct端点创建了自己的存储类。
但是,存储类似乎无法提供卷。我收到的错误是来自TokenManagerRetrieveError:检索令牌时出错。我找不到有关此案的任何文档。我已经检查了帐户IAM令牌,它们已经到位。以下是来自以下命令的事件。尤其参见第二段。
这是我创建的存储类:
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: cos-vpc
namespace: default
parameters:
ibm.io/chunk-size-mb: "16"
ibm.io/curl-debug: "false"
ibm.io/debug-level: "warn"
ibm.io/iam-endpoint: "https://iam.bluemix.net"
ibm.io/kernel-cache: "true"
ibm.io/multireq-max: "20"
ibm.io/object-store-endpoint: "https://s3.direct.eu-de.cloud-object-storage.appdomain.cloud"
ibm.io/object-store-storage-class: eu-de-standard
ibm.io/parallel-count: "2"
ibm.io/s3fs-fuse-retry-count: "5"
ibm.io/stat-cache-size: "100000"
ibm.io/tls-cipher-suite: AESGCM
provisioner: "ibm.io/ibmc-s3fs"
reclaimPolicy: Delete
volumeBindingMode: Immediate
这是pvc:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: hasher-java-pvc
namespace: default
annotations:
ibm.io/auto-create-bucket: "false"
ibm.io/auto-delete-bucket: "false"
ibm.io/bucket: uia-bucket2
ibm.io/secret-name: cos-write-access
spec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: "13Gi"
storageClassName: "cos-vpc"
描述pvc。
Name: hasher-java-pvc
Namespace: default
StorageClass: cos-vpc
Status: Pending
Volume:
Labels: <none>
Annotations: ibm.io/auto-create-bucket: false
ibm.io/auto-delete-bucket: false
ibm.io/bucket: uia-bucket2
ibm.io/secret-name: cos-write-access
volume.beta.kubernetes.io/storage-provisioner: ibm.io/ibmc-s3fs
Finalizers: [kubernetes.io/pvc-protection]
Capacity:
Access Modes:
VolumeMode: Filesystem
Mounted By: hasher-java-7c44896747-d5g8q
hasher-java-7c44896747-gm2m9
hasher-java-7c44896747-qhrxm
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Provisioning 4m52s (x3 over 5m53s) ibm.io/ibmc-s3fs_ibmcloud-object-storage-plugin-d76dc998c-5wsx5_0f82cf0d-69e3-11ea-bdd1-2a0e250d0c0b External provisioner is provisioning volume for claim "default/hasher-java-pvc"
Warning ProvisioningFailed 4m22s (x3 over 5m23s) ibm.io/ibmc-s3fs_ibmcloud-object-storage-plugin-d76dc998c-5wsx5_0f82cf0d-69e3-11ea-bdd1-2a0e250d0c0b failed to provision volume with StorageClass "cos-vpc": hasher-java-pvc:bppmei1f05qovjlv74vg:cannot access bucket uia-bucket2: TokenManagerRetrieveError: error retrieving the token
Normal ExternalProvisioning 12s (x24 over 5m53s) persistentvolume-controller waiting for a volume to be created, either by external provisioner "ibm.io/ibmc-s3fs" or manually created by system administrator
非常感谢您的帮助。
为我工作。
1。您是否在vpc中有任何ACL?
apiVersion:v1项目:-apiVersion:v1种类:PersistentVolumeClaim元数据:注释:ibm.io/auto-create-bucket:“假”ibm.io/auto-delete-bucket:“假”ibm.io/存储桶:cglxxxx-nexxxx-app-dataibm.io/端点:https://s3.direct.us-south.cloud-object-storage.appdomain.cloudibm.io/秘密名称:cos-write-access-cxxxxxpv.kubernetes.io/bind-completed:“是”pv.kubernetes.io/控制器绑定:“是”volume.beta.kubernetes.io/storage-provisioner:ibm.io/ibmc-s3fscreationTimestamp:“ 2019-11-10T19:27:15Z”终结者:-kubernetes.io/pvc保护名称:neuxxx-data命名空间:neuxxxxresourceVersion:“ 22086”selfLink:/ api / v1 /名称空间/ neuxxxxx / persistentvolumeclaims / neuxxxxx-datauid:8a31c4cb-a263-4387-adee-xxxxxxxx规格:accessModes:-ReadWriteMany资源:要求:储存空间:1GistorageClassName:ibmc-s3fs-standard-regionalvolumeMode:文件系统volumeName:pvc-8a31c4cb-a263-4387-adee-xxxxxx状态:accessModes:-ReadWriteMany容量:储存空间:1Gi阶段:绑定种类:清单元数据:resourceVersion:“”selfLink:“”
名称状态容量容量访问模式存储类别年龄neuxxxx-data绑定pvc-8a31c4cb-a263-4387-adee-c1cdead02042 1Gi RWX ibmc-s3fs-standard-regional 134d