Kubernetes NFS server pod mount works with pod ip but not with kubernetes service

I created an NFS server in a pod to use it as a volume. When creating another pod with a volume, the volume mount does work with the IP of the NFS pod. Since this IP is not guaranteed to stay the same, I added a service for my NFS pod and added a fixed cluster IP. When starting the container with the volume mount, it always fails with the following error:

Unable to mount volumes for pod "nginx_default(35ecd8ec-a077-11e8-b7bc-0cc47a9aec96)": timeout expired waiting for volumes to attach or mount for pod "default"/"nginx". list of unmounted volumes=[nfs-demo]. list of unattached volumes=[nfs-demo nginx-test-account-token-2dpgg]

    apiVersion: v1
    kind: Pod
    metadata:
      name: nfs-server
      labels:
        name: nfs-server
    spec:
      containers:
      - name: nfs-server
        image: my-nfs-server:v1
        args: ["/exports"]
        securityContext:
          privileged: true
    ---
    kind: Service
    apiVersion: v1
    metadata:
      name: nfs-service
    spec:
      selector:
        name: nfs-server
      clusterIP: "10.96.0.3"
      ports:
        - name: nfs
          port: 2049
          protocol: UDP
        - name: mountd
          port: 20048
          protocol: UDP   
        - name: rpcbind
          port: 111
          protocol: UDP
        - name: nfs-tcp
          port: 2049
          protocol: TCP
        - name: mountd-tcp
          port: 20048
          protocol: TCP
        - name: rpcbind-tcp
          port: 111
          protocol: TCP

My pod trying to mount the server:

    apiVersion: v1
    kind: Pod
    metadata:
      name: nginx
      labels:
        name: nginx
    spec:
      containers:
      - name: nginx
        image: nginx
        volumeMounts:
        - mountPath: "/exports"
          name: nfs-demo
        securityContext:
          privileged: true
      securityContext:
        supplementalGroups: [100003]
      serviceAccountName: nginx-test-account
      volumes:
      - name: nfs-demo
        nfs:
          server: 10.96.0.3
          path: "/exports"
          readOnly: false

I used this as a base for my NFS server image:

https://github.com/cpuguy83/docker-nfs-server

https://medium.com/@aronasorman/creating-an-nfs-server-within-kubernetes-e6d4d542bbb9

Does anyone have an idea why the mount is working with the pod IP but not with the service IP?

I found a new way to solve this problem: you can set the nfs-server ports to be fixed, then mount nfs-server by service. You can refer to https://wiki.debian.org/SecuringNFS

Try removing the ClusterIP ip address (let kube assign an ip to nfs service) and use the name 'nfs-service' in your volume mount definition. Make sure that the nginx pod and the nfs service are on the same namespace.

As mentioned by Bal Chua, you probably didn't export the nfs port in the nfs-server pod definition.

nfs-server-pod.yaml

    apiVersion: v1beta1
    kind: Pod
    id: nfs-server
    desiredState:
      manifest:
        version: v1beta1
        id: nfs-server
        containers:
          - name: nfs-server
            image: jsafrane/nfs-data
            privileged: true
            ports:
              - name: nfs
                containerPort: 2049
                protocol: tcp
    labels:
      name: nfs-server

nfs-server-service.yaml

    id: nfs-server
    kind: Service
    apiVersion: v1beta1
    port: 2049
    protocol: tcp
    selector:
      name: nfs-server

Taken from the example on the NFS volume page.

I found the solution to my problem:

There were ports missing in my service, not the pod. To find the ports I needed, I opened a console to my pod (kubectl exec) and used the "rpcinfo -p" command to list the ports needed for the service.

It does fix the connection problem, but only temporarily. These ports are not static, so it is not better than using the port IP itself. I do think it is possible to configure static ports though.

If anyone with a similar problem needs further reading:

http://tldp.org/HOWTO/NFS-HOWTO/security.html

https://wiki.debian.org/SecuringNFS

The second problem I encountered: the mount only worked if the nfs-server pod and the pod mounting it were on the same node. I could fix it when updating to kubernetes version 1.11.

Since my original problem is solved, I consider my question answered though.
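The port check described in the answer above, as an added example that is not part of the original posts: it parses `rpcinfo -p` output and lists every RPC program registered on a port that the Service does not declare, since a Service only forwards the ports it lists. The `rpcinfo` sample is constructed, and the `status` and `nlockmgr` port numbers in it are made-up stand-ins for dynamically assigned ports; the Service ports are the ones from the question.

```python
"""Compare `rpcinfo -p` output from an NFS server pod with a Service's ports."""

# Constructed sample of `rpcinfo -p` output; the ports shown for status and
# nlockmgr are made-up stand-ins for dynamically assigned ones.
SAMPLE_RPCINFO = """\
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100024    1   udp  45113  status
    100024    1   tcp  38279  status
    100005    3   udp  20048  mountd
    100005    3   tcp  20048  mountd
    100003    3   tcp   2049  nfs
    100003    3   udp   2049  nfs
    100021    4   udp  51620  nlockmgr
    100021    4   tcp  40151  nlockmgr
"""

# (port, protocol) pairs declared by nfs-service in the question.
SERVICE_PORTS = {(2049, "UDP"), (20048, "UDP"), (111, "UDP"),
                 (2049, "TCP"), (20048, "TCP"), (111, "TCP")}


def parse_rpcinfo(text):
    """Return {(port, PROTO): service_name} for every registered RPC program."""
    registered = {}
    for line in text.splitlines():
        fields = line.split()
        # Data rows look like: program vers proto port [service]
        if len(fields) < 4 or not fields[0].isdigit():
            continue
        name = fields[4] if len(fields) > 4 else fields[0]
        registered[(int(fields[3]), fields[2].upper())] = name
    return registered


def unexposed(rpcinfo_text, service_ports):
    """List (service, port, PROTO) registered with rpcbind but absent from the Service."""
    registered = parse_rpcinfo(rpcinfo_text)
    return sorted((name, port, proto)
                  for (port, proto), name in registered.items()
                  if (port, proto) not in service_ports)


if __name__ == "__main__":
    for name, port, proto in unexposed(SAMPLE_RPCINFO, SERVICE_PORTS):
        print(f"{name} listens on {port}/{proto} but the Service does not expose it")
```

Re-running the comparison after a pod restart shows whether the unexposed ports have moved, which is the "only temporarily" behaviour the answer describes.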
