root@master:~/yamls# kubectl describe pod/busybox
Name: busybox
Namespace: default
Priority: 0
Node: master/172.17.101.90
Start Time: Fri, 03 Jul 2020 11:13:22 +0300
Labels: <none>
Annotations: Status: Pending
IP:
IPs: <none>
Containers:
busybox:
Container ID:
Image: busybox
Image ID:
Port: <none>
Host Port: <none>
Command:
sleep
3600
State: Waiting
Reason: ContainerCreating
Ready: False
Restart Count: 0
Environment: <none>
Mounts:
/data from test (rw)
/var/run/secrets/kubernetes.io/serviceaccount from default-token-h942c (ro)
Conditions:
Type Status
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
test:
Type: FlexVolume (a generic volume resource that is provisioned/attached using an exec based plugin)
Driver: fstab/cifs
FSType: cifs
SecretRef: &LocalObjectReference{Name:cifs-secret,}
ReadOnly: false
Options: map[mountOptions:dir_mode=0755,file_mode=0644,noperm networkPath://srv/path]
default-token-h942c:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-h942c
Optional: false
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute for 300s
node.kubernetes.io/unreachable:NoExecute for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning FailedMount 15m (x7 over 51m) kubelet, master Unable to attach or mount volumes: unmounted volumes=[test], unattached volumes=[default-token-h942c test]: timed out waiting for the condition
Warning FailedMount 6m9s (x23 over 74m) kubelet, master Unable to attach or mount volumes: unmounted volumes=[test], unattached volumes=[test default-token-h942c]: timed out waiting for the condition
Warning FailedMount 50s (x45 over 76m) kubelet, master MountVolume.SetUp failed for volume "test" : Couldn't get secret default/cifs-secret err: Cannot get secret of type fstab/cifs
root@master:~/yamls# cat pod.yaml
apiVersion: v1
kind: Secret
metadata:
name: cifs-secret
namespace: default
data:
username: '***='
password: '*****=='
---
apiVersion: v1
kind: Pod
metadata:
name: busybox
namespace: default
spec:
containers:
- name: busybox
image: busybox
command:
- sleep
- "3600"
imagePullPolicy: IfNotPresent
volumeMounts:
- name: test
mountPath: /data
volumes:
- name: test
flexVolume:
driver: "fstab/cifs"
fsType: "cifs"
secretRef:
name: "cifs-secret"
options:
networkPath: "//srv/path"
mountOptions: "dir_mode=0755,file_mode=0644,noperm"
При этом если
root@master:~/yamls# cat pod.yaml
apiVersion: v1
kind: Secret
metadata:
name: cifs-secret
namespace: default
data:
username: '***='
password: '*****=='
///
Тогда
root@master:~/yamls# kubectl apply -f pod.yaml
pod/busybox configured
The Secret "cifs-secret" is invalid: type: Invalid value: "fstab/cifs": field is immutable
root@master:~/yamls# tree /usr/libexec/kubernetes/kubelet-plugins/volume/exec/
/usr/libexec/kubernetes/kubelet-plugins/volume/exec/
└── fstab~cifs
├── cifs
├── LICENSE
└── README.md
1 directory, 3 files
root@master:~/yamls# ps aux | grep kubelet
root 89326 0.0 0.0 14424 1112 pts/1 S+ 13:55 0:00 grep --color=auto kubelet
root 108000 2.4 6.4 497056 259684 ? Ssl 12:29 2:07 /snap/microk8s/1496/kube-apiserver --cert-dir=/var/snap/microk8s/1496/certs --service-cluster-ip-range=10.152.183.0/24 --authorization-mode=AlwaysAllow --basic-auth-file=/var/snap/microk8s/1496/credentials/basic_auth.csv --service-account-key-file=/var/snap/microk8s/1496/certs/serviceaccount.key --client-ca-file=/var/snap/microk8s/1496/certs/ca.crt --tls-cert-file=/var/snap/microk8s/1496/certs/server.crt --tls-private-key-file=/var/snap/microk8s/1496/certs/server.key --kubelet-client-certificate=/var/snap/microk8s/1496/certs/server.crt --kubelet-client-key=/var/snap/microk8s/1496/certs/server.key --secure-port=16443 --token-auth-file=/var/snap/microk8s/1496/credentials/known_tokens.csv --token-auth-file=/var/snap/microk8s/1496/credentials/known_tokens.csv --etcd-servers=https://127.0.0.1:12379 --etcd-cafile=/var/snap/microk8s/1496/certs/ca.crt --etcd-certfile=/var/snap/microk8s/1496/certs/server.crt --etcd-keyfile=/var/snap/microk8s/1496/certs/server.key --insecure-port=0 --requestheader-client-ca-file=/var/snap/microk8s/1496/certs/front-proxy-ca.crt --requestheader-allowed-names=front-proxy-client --requestheader-extra-headers-prefix=X-Remote-Extra- --requestheader-group-headers=X-Remote-Group --requestheader-username-headers=X-Remote-User --proxy-client-cert-file=/var/snap/microk8s/1496/certs/front-proxy-client.crt --proxy-client-key-file=/var/snap/microk8s/1496/certs/front-proxy-client.key
root 108046 1.8 1.3 1559096 55200 ? Ssl 12:29 1:35 /snap/microk8s/1496/kubelet --kubeconfig=/var/snap/microk8s/1496/credentials/kubelet.config --cert-dir=/var/snap/microk8s/1496/certs --client-ca-file=/var/snap/microk8s/1496/certs/ca.crt --anonymous-auth=false --network-plugin=cni --root-dir=/var/snap/microk8s/common/var/lib/kubelet --fail-swap-on=false --cni-conf-dir=/var/snap/microk8s/1496/args/cni-network/ --cni-bin-dir=/snap/microk8s/1496/opt/cni/bin/ --feature-gates=DevicePlugins=true --eviction-hard=memory.available<100Mi,nodefs.available<1Gi,imagefs.available<1Gi --container-runtime=remote --container-runtime-endpoint=/var/snap/microk8s/common/run/containerd.sock --containerd=/var/snap/microk8s/common/run/containerd.sock --node-labels=microk8s.io/cluster=true --cluster-domain=cluster.local --cluster-dns=10.152.183.10 --serialize-image-pulls=false --volume-plugin-dir=/usr/libexec/kubernetes/kubelet-plugins/volume/exec
root@master:~/yamls# snap list
Name Version Rev Tracking Publisher Notes
core 16-2.45.1 9436 latest/stable canonical✓ core
microk8s v1.18.4 1496 1.18/stable canonical✓ classic
Что сюда ещё добавить?
Простой
Средний
