无法将静态配置的 EBS 卷附加到 EKS 节点
问题描述 投票:0回答:2
我已按照文档此处配置我的 EKS 设置以支持 EBS。我已经通过成功部署动态配置EBS 卷验证了这一点。我现在尝试使用静态配置但失败了。
我的卷已准备好附加到 AWS 控制台中:
我已验证新的静态配置卷的 PV 和 PVC 正常(
firehose-mainnet-test-volumevol-0a493db74622155d0 ❯❯❯ k get pv
k get pvc
NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE
firehose-mainnet-reader-test-volume 1000Gi RWO Retain Bound default/firehose-mainnet-reader-test-volume-claim io2 103m
mercury-ipfs-ipfs-efs-pv 20Gi RWX Retain Bound default/mercury-ipfs-ipfs-efs-pvc efs-sc 362d
pvc-e823a3b9-94be-449e-8248-ef1a023d8cc9 2000Gi RWO Delete Bound default/firehose-mainnet-reader-ebs-pvc gp2-ebs-sc 40d
9:27AM /Users/paymahn/code/goldsky/firehose/go-ethereum tags/geth-v1.10.25-fh2 ✱ ◼
❯❯❯ k get pvc
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
firehose-mainnet-reader-ebs-pvc Bound pvc-e823a3b9-94be-449e-8248-ef1a023d8cc9 2000Gi RWO gp2-ebs-sc 40d
firehose-mainnet-reader-test-volume-claim Bound firehose-mainnet-reader-test-volume 1000Gi RWO io2 81m
mercury-ipfs-ipfs-efs-pvc Bound mercury-ipfs-ipfs-efs-pv 20Gi RWX efs-sc 362d
描述我的 pod 时该卷无法挂载:
Normal SuccessfulAttachVolume 2m44s attachdetach-controller AttachVolume.Attach succeeded for volume "pvc-e823a3b9-94be-449e-8248-ef1a023d8cc9"
Warning FailedMount 45s kubelet Unable to attach or mount volumes: unmounted volumes=[firehose-mainnet-reader-test-volume-claim], unattached volumes=[kube-api-access-smcss jwt firehose-mainnet-reader-ebs-pvc firehose-mainnet-reader-test-volume-claim]: timed out waiting for the condition
Warning FailedAttachVolume 20s attachdetach-controller AttachVolume.Attach failed for volume "firehose-mainnet-reader-test-volume" : Attach timeout for volume vol-0a493db74622155d0
当我查看
ebs-csi-controllerebs-csi-controller-7485b8586d-jwng9 csi-attacher I1212 12:43:38.294065 1 csi_handler.go:248] Attaching "csi-f61a123c75ba67f92a9482f96ca3fa133d9f4f6af9bc924c545f08a05da4a85e"
ebs-csi-controller-7485b8586d-jwng9 ebs-plugin E1212 12:43:38.651776 1 driver.go:120] GRPC error: rpc error: code = Internal desc = Could not attach volume "vol-0a493db74622155d0" to node "i-0f994790a01e365d2": could not attach volume "vol-0a493db74622155d0" to node "i-0f994790a01e365d2": UnauthorizedOperation: You are not authorized to perform this operation. Encoded authorization failure message: 86wH2-qNGBPhlKSt0fyV9CfjiZCvdgoQmTX7EmWlB9Dwmj8VjAWo7VaLEobbh4lNuLM0bmCnWOPgntBaRP2jwqap6koIsjikjt4Takcv49FZZ0SmO4GLhqpzBx88k1YAUE3n0DJp_ip6gW-oVvb2FD16tOfU5iJn6dyCUUzGlguhPn20WbzZuYitvpfXlK4m2RSiQDZPDHOesmsDWREN5d-p086kAQAUdLauoNaTd-qDWf497Yh5pwR4WXYM3hWi8SxSSs7y6sQ8idTjj8GHUjJOrsZC_hRCMO-NhOMy-agBwT4gYziOzaZ-AVxlhv7YW27Yd-azNrumAuA4JykN8YtE76h1RFJ16SuIFBrhx4mEsMR-pjuLLnuTbk6hdkXqeoPE9xoIx6pL12HwiblTDOQo8nM2utNK_p0ZYefb1IlJuIjm8CrgbmxyXu5wZWcsZKOnufdTh6G2Hj46kT0OHDI7-NJbyu4d8NkQ5LvQvX_wHVc2JAonNsRj5VuQZZr6G5C1FJrNiu44-LnhWB92LMR9ho7maHegKKrQ-DLy9UHuVS9fq5xNdyEgYAaNFGn8MkJxsSplFUQm25HByt39hCbeuwoYkUHtpite9ufqoMvTElYJBDFkasVec2RxhnYcPuyQ7pPj26IcUquW5wKD
ebs-csi-controller-7485b8586d-jwng9 csi-attacher I1212 12:43:38.660565 1 csi_handler.go:255] Failed to save attach error to "csi-f61a123c75ba67f92a9482f96ca3fa133d9f4f6af9bc924c545f08a05da4a85e": VolumeAttachment.storage.k8s.io "csi-f61a123c75ba67f92a9482f96ca3fa133d9f4f6af9bc924c545f08a05da4a85e" is invalid: status.attachError.message: Too long: must have at most 262144 bytes
ebs-csi-controller-7485b8586d-jwng9 ebs-plugin status code: 403, request id: c1eeb49c-955f-4969-9fcd-1a83933de338
ebs-csi-controller-7485b8586d-jwng9 csi-attacher I1212 12:43:38.660604 1 csi_handler.go:231] Error processing "csi-f61a123c75ba67f92a9482f96ca3fa133d9f4f6af9bc924c545f08a05da4a85e": failed to attach: rpc error: code = Internal desc = Could not attach volume "vol-0a493db74622155d0" to node "i-0f994790a01e365d2": could not attach volume "vol-0a493db74622155d0" to node "i-0f994790a01e365d2": UnauthorizedOperation: You are not authorized to perform this operation. Encoded authorization failure message: 86wH2-qNGBPhlKSt0fyV9CfjiZCvdgoQmTX7EmWlB9Dwmj8VjAWo7VaLEobbh4lNuLM0bmCnWOPgntBaRP2jwqap6koIsjikjt4Takcv49FZZ0SmO4GLhqpzBx88k1YAUE3n0DJp_ip6gW-oVvb2FD16tOfU5iJn6dyCUUzGlguhPn20WbzZuYitvpfXlK4m2RSiQDZPDHOesmsDWREN5d-p086kAQAUdLauoNaTd-qDWf497Yh5pwR4WXYM3hWi8SxSSs7y6sQ8idTjj8GHUjJOrsZC_hRCMO-NhOMy-agBwT4gYziOzaZ-AVxlhv7YW27Yd-azNrumAuA4JykN8YtE76h1RFJ16SuIFBrhx4mEsMR-pjuLLnuTbk6hdkXqeoPE9xoIx6pL12HwiblTDOQo8nM2utNK_p0ZYefb1IlJuIjm8CrgbmxyXu5wZWcsZKOnufdTh6G2Hj46kT0OHDI7-NJbyu4d8NkQ5LvQvX_wHVc2JAonNsRj5VuQZZr6G5C1FJrNiu44-LnhWB92LMR9ho7maHegKKrQ-DLy9UHuVS9fq5xNdyEgYAaNFGn8MkJxsSplFUQm25HByt39hCbeuwoYkUHtpite9ufqoMvTElYJBDFkasVec2RxhnYcPuyQ7pPj26IcUquW5wKD
ebs-csi-controller-7485b8586d-jwng9 csi-attacher status code: 403, request id: c1eeb49c-955f-4969-9fcd-1a83933de338
如何将静态生成的 ebs 卷附加到我的节点?我已经验证节点和卷都在同一区域,
us-west-2c2个回答
0
投票
投票
原来我的 ebs csi 控制器的服务帐户没有
assumeRolekubectl annotate serviceaccount ebs-csi-controller-sa \
-n kube-system \
eks.amazonaws.com/role-arn=arn:aws:iam::111122223333:role/AmazonEKS_EBS_CSI_DriverRole
0
投票
投票
我也遇到过类似的问题。我试图安装从现有卷的快照创建的新卷。 PV/PVC 创建没有问题,但 pod 在尝试挂载卷时会超时。
我检查了 ebs-csi-controller 日志,发现在尝试附加卷时出现 403 错误。事实证明,ebs-csi-controller 服务帐户使用的 IAM 策略有一个条件,即要挂载卷,它需要“KubernetesCluster:my-cluster-name”标签。
我将缺少的标签添加到 AWS 中的卷中,然后 ebs-csi-controller 可以正确挂载该卷并且我的 pod 启动。
最新问题
- AWS Glue psycopg2 安装
- ImageMagick 与 Bash/Zsh:使用 *.(format1|format2) 与 "*.{format1,format2}"
- 罗斯林和.net5
- 使用 miniconda3 和 geopandas 运行 python docker
- jose 使用过去的日期生成令牌
- 逆向过滤可消除卷积爆炸
- 是否可以动态设置模板字符串?
- Vuetify 2 v 菜单左侧 | (Vuetivy 3 替补)
- 如何捕捉投影?
- 是否可以使用命令行(例如 man clang)获得有关 Clang 的全面帮助/参考信息?
- 如何在 pytest 中设置默认的每个测试超时?
- 有没有办法在VSCode中查看单个js文件的函数输出或控制台日志?没有html,只有一个js文件
- C++ cout 打印顺序与 C printf 相比[重复]
- Aws Api 网关无法加载快速 api swagger 文档页面
- 如何从应用程序引擎追加写入到谷歌云存储文件?
- 如何在 JestJS 中测试嵌套元素?
- 无法使用Java在android studio中找到附近的地方
- 获取按其中一列分组的行顺序
- 尝试向集群层内的标记添加标签和文本
- Lua可以“超时”吗?
© www.soinside.com 2019 - 2024. All rights reserved.