第一次使用GCE,以前在带有kops的AWS中使用k8。
我有一个PV和PVC设置,两者都受状态限制。
我有我的第一个部署/吊舱尝试运行,大多数情况下,yaml配置大部分是从AWS的工作设置中复制的。
当我从部署中删除卷时,它会启动并进入运行状态。
连接了卷后,它停在: 开始时间:尚未开始 阶段:待定 状态:ContainerCreating
该容器的日志完全没有,只有一行。
编辑:终于在pod事件中找到了有用的东西,而不是容器日志
卷“ tio-pv-ssl”的MountVolume.SetUp失败:安装失败:退出 状态1安装命令:systemd-run安装参数: --description =用于/var/lib/kubelet/pods/c64b2284-de81-11e8-9ead-42010a9400a0/volumes/kubernetes.io~nfs/tio-pv-ssl的Kubernetes临时挂载 --scope-/ home / kubernetes / containerized_mounter / mounter mount -t nfs 10.148.0.6:/ssl /var/lib/kubelet/pods/c64b2284-de81-11e8-9ead-42010a9400a0/volumes/kubernetes.io~nfs/ tio-pv-ssl 输出:运行范围单位: 运行-r68f0f0ac5bf54be2b47ac60d9e533712.scope安装失败:安装 失败:退出状态32挂载命令:chroot挂载参数: [/ home / kubernetes / containerized_mounter / rootfs mount -t nfs 10.148.0.6:/ssl /var/lib/kubelet/pods/c64b2284-de81-11e8-9ead-42010a9400a0/volumes/kubernetes.io~nfs/tio-pv-ssl] 输出:mount.nfs:安装时服务器拒绝访问 10.148.0.6:/ssl
使用https://cloud.google.com/launcher/docs/single-node-fileserver设置了NFS服务器10.148.0.6 似乎运行正常,并且/ ssl文件夹位于NFS根目录(/ data / ssl)下
Kubectl的状态
kubectl get pv
NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE
tio-pv-ssl 1000Gi RWX Retain Bound core/tio-pv-claim-ssl standard 17m
kubectl get pvc --namespace=core
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
tio-pv-claim-ssl Bound tio-pv-ssl 1000Gi RWX standard 18m
kubectl get pods --namespace=core
NAME READY STATUS RESTARTS AGE
proxy-deployment-64b9cdb55d-8htjf 0/1 ContainerCreating 0 13m
卷Yaml
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: tio-pv-ssl
spec:
capacity:
storage: 1000Gi
storageClassName: standard
accessModes:
- ReadWriteMany
nfs:
server: 10.148.0.6
path: "/ssl"
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: tio-pv-claim-ssl
namespace: core
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Mi
volumeName: tio-pv-ssl
storageClassName: standard
部署Yaml
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: proxy-deployment
spec:
replicas: 1
template:
metadata:
labels:
app: proxy
spec:
containers:
- name: proxy-ctr
image: asia.gcr.io/xyz/nginx-proxy:latest
resources:
limits:
cpu: "500m"
memory: 1024Mi
requests:
cpu: 100m
memory: 256Mi
ports:
- containerPort: 80
- containerPort: 443
volumeMounts:
- name: tio-ssl-storage
mountPath: "/etc/nginx/ssl"
volumes:
- name: tio-ssl-storage
persistentVolumeClaim:
claimName: tio-pv-claim-ssl
strategy:
type: "RollingUpdate"
rollingUpdate:
maxUnavailable: 1
maxSurge: 1
---
apiVersion: v1
kind: Service
metadata:
name: proxyservice
namespace: core
labels:
app: proxy
spec:
ports:
- port: 80
name: port-http
protocol: TCP
- port: 443
name: port-https
protocol: TCP
selector:
app: proxy
type: LoadBalancer
答案 0 :(得分:1)
一旦发现隐藏日志的位置,便解决了我自己的问题。
path: "/ssl"
应该是服务器上的完整路径,而不是相对于nfs数据文件夹的相对路径
path: "/data/ssl"