azure-storage - 无法在 AKS 上为 pod 挂载卷
问题描述
我想使用 sonar-qube 并将其部署在 AKS(Azure Kubernetes)上。我想在持久卷上存储声纳日志、数据、conf 和扩展。但是,AKS 似乎由于超时而无法挂载卷。
我已经构建了一个创建卷 + 服务 + 部署和入口的脚本。--> 没有成功
我试图将卷创建与应用程序创建和卷附件分开——>没有成功
但是,卷是在 AZURE 上创建并可用的
配置 :
- AKS 版本:1.14.5
- 硬件类型:标准 DS2 v2(2 vcpus,7 GiB 内存)
这是我用来创建卷的脚本:
#Namespace creation
apiVersion: v1
kind: Namespace
metadata:
name: cicd
labels:
name: cicd
---
#PVC for Sonar’s data directory creation
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: sonar-data
namespace: cicd
spec:
accessModes:
- ReadWriteOnce
storageClassName: default
resources:
requests:
storage: 5G
---
#PVC for Sonar’s conf directory
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: sonar-conf
namespace: cicd
spec:
accessModes:
- ReadWriteOnce
storageClassName: default
resources:
requests:
storage: 5Gi
---
#PVC for Sonar’s logs directory
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: sonar-logs
namespace: cicd
spec:
accessModes:
- ReadWriteOnce
storageClassName: default
resources:
requests:
storage: 10Gi
---
#PVC for Sonar’s extensions directory
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: sonar-extensions
namespace: cicd
spec:
accessModes:
- ReadWriteOnce
storageClassName: default
resources:
requests:
storage: 5Gi
---
#Create secretKeyRef
apiVersion: v1
kind: Secret
metadata:
name: sonar-secret
namespace: cicd
type: Opaque
data:
password: *****************
这是我用来创建声纳的脚本:
#SonarQube deployment
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
labels:
app: sonarqube
name: sonarqube
namespace: cicd
spec:
replicas: 1
template:
metadata:
labels:
app: sonarqube
spec:
securityContext:
runAsUser: 0
fsGroup: 0
containers:
- name: sonarqube
image: sonarqube:latest
resources:
requests:
cpu: 500m
memory: 1024Mi
limits:
cpu: 2000m
memory: 2048Mi
volumeMounts:
- mountPath: "/opt/sonarqube/data/"
name: sonar-data
- mountPath: "/opt/sonarqube/extensions/"
name: sonar-extensions
- mountPath: "/opt/sonarqube/logs/"
name: sonar-logs
- mountPath: "/opt/sonarqube/conf/"
name: sonar-conf
env:
- name: "SONARQUBE_JDBC_USERNAME"
value: "sonar"
- name: "SONARQUBE_JDBC_URL"
value: "jdbc:sqlserver://internal-sql-az-westeurope.database.windows.net:1433;databaseName=Sonar;user=SONARQUBE_JDBC_USERNAME;password=SONAR_SQL_LOGIN_PASSWORD"
- name: "SONARQUBE_JDBC_PASSWORD"
valueFrom:
secretKeyRef:
name: sonar-secret
key: password
ports:
- containerPort: 9000
protocol: TCP
volumes:
- name: sonar-data
persistentVolumeClaim:
claimName: sonar-data
- name: sonar-extensions
persistentVolumeClaim:
claimName: sonar-extensions
- name: sonar-logs
persistentVolumeClaim:
claimName: sonar-logs
- name: sonar-conf
persistentVolumeClaim:
claimName: sonar-conf
---
# --------------
# Service Object
# --------------
apiVersion: v1
kind: Service
metadata:
labels:
name: sonarqube
name: sonarqube-service
namespace: cicd
spec:
ports:
- port: 80 # Default port for image
protocol: TCP
selector:
name: sonarqube
# -----------------
# Ingress object
# -----------------
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: sonarqube-api-ingress
namespace: cicd
annotations:
kubernetes.io/ingress.class: nginx
#Default is 'true'
#nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/rewrite-target: /$1
#https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md#whitelist-source-range
nginx.ingress.kubernetes.io/whitelist-source-range: "******"
spec:
tls:
- hosts:
- sonar.traceparts.com
secretName: aks-ingress-tls-star-traceparts-com
rules:
- host: sonar.traceparts.com
http:
paths:
- backend:
serviceName: sonarqube-service
servicePort: 80
path: /(.*)
有人可以帮助我理解这个问题吗?
解决方案
实际上,当您通过 YAML 文件创建持久卷并将 Azure 磁盘挂载到节点时,您需要等待一段时间,Azure 需要一些时间将磁盘附加到节点。因此,由于磁盘导致的第一次故障没有附加到节点。
刚上漆,稍等片刻,然后用命令检查一下:
kubectl describe pvc --namespace cicd
它显示如下:
顺便说一句,当您创建 AKS 群集时,它的服务主体已经具有节点所在资源组的 Contributor 角色。所以通常权限就足够了,至少对于持久卷而言。
推荐阅读
- amazon-web-services - EC2 实例详细信息
- php - PHP ForEach 循环中的 Bootstrap 4 模式
- .net - 有没有办法使用 .NET 从 Matlab 中的标准输入读取 FFPLAY?
- mysql - MySQL 每部电影的平均流派数
- sql-server - 如何创建一个通过 DATETIME 列更新的 DATE 列
- javascript - 特定数据的加密与 Bcrypt
- teradata - teradata studio 使用 Fastexport 排序导出
- python - Python 值未正确附加到 3D 数组
- firebase - Restrict Firestore access to authenticated users
- python - 熊猫从长到宽