
For iSCSI PVCs, Trident 20.07.1 requires `parameter.FSType` in StorageClasses (when fsGroups and security context constraints are used)

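Applies to

Trident 20.07.1 and later

Kubernetes 1.17 and later

iSCSI backends (ONTAP, HCI/SolidFire)

Issue

When Trident 20.07.1 or later is installed or upgraded on Kubernetes >= 1.17, newly created iSCSI volumes are not writable if both of the following are true:

  1. The storageClass does not specify "parameter.fsType"

      and

  2. The Pod that uses the requested PVC has an fsGroup enforced in its security constraints.

Example podSpec: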

```yaml
---
apiVersion: v1
kind: Pod
metadata:
  name: sec-ctx-pod
spec:
  securityContext:
    runAsUser: 1000
    runAsGroup: 3000
    fsGroup: 2000
  volumes:
  - name: sec-ctx-vol
    persistentVolumeClaim:
      claimName: san-pvc
  containers:
  - name: sec-ctx-demo
    image: busybox
    command: [ "sh", "-c", "sleep 1h" ]
    volumeMounts:
    - name: sec-ctx-vol
      mountPath: /data/demo
    securityContext:
      allowPrivilegeEscalation: false
```

 

Attempting to write data to a PV whose FSType is empty results in a "Permission denied" error:

```
Name:            pvc-b6bf10ac-6731-4b77-9963-b4d5516e4487
Labels:         <none>
Annotations:     pv.kubernetes.io/provisioned-by: csi.trident.netapp.io
Finalizers:      [kubernetes.io/pv-protection external-attacher/csi-trident-netapp-io]
StorageClass:    san-undefined-fstype
Status:          Bound
Claim:           default/san-pvc
Reclaim Policy:  Delete
Access Modes:    RWO
VolumeMode:      Filesystem
Capacity:        100Mi
Node Affinity:  <none>
Message:
Source:
    Type:              CSI (a Container Storage Interface (CSI) volume source)
    Driver:            csi.trident.netapp.io
    FSType:
    VolumeHandle:      pvc-b6bf10ac-6731-4b77-9963-b4d5516e4487
    ReadOnly:          false
    VolumeAttributes:      backendUUID=115dc924-de93-4c8c-91be-5283c15a64f7
                           internalName=trident_pvc_b6bf10ac_6731_4b77_9963_b4d5516e4487
                           name=pvc-b6bf10ac-6731-4b77-9963-b4d5516e4487
                           protocol=block
                           storage.kubernetes.io/csiProvisionerIdentity=1602620905373-8081-csi.trident.netapp.io
Events:               <none>
```
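To find other workloads in the same state, the following added example (not part of the original KB article or of Trident) cross-checks PV and Pod objects for the combination described above: a Trident block PV with an empty `fsType`, claimed by a Pod that sets a pod-level `fsGroup`. The function and helper names are hypothetical, and the sample objects are constructed to mirror the PV and Pod shown on this page plus two controls.

```python
TRIDENT_DRIVER = "csi.trident.netapp.io"  # driver name from the PV shown above

def unwritable_candidates(pvs, pods):
    """Return (pod, claim, pv) for fsGroup pods on Trident block PVs with empty fsType."""
    risky = {}  # (namespace, claim name) -> PV name
    for pv in pvs:
        spec = pv.get("spec", {})
        csi = spec.get("csi") or {}
        ref = spec.get("claimRef") or {}
        if (csi.get("driver") == TRIDENT_DRIVER
                and (csi.get("volumeAttributes") or {}).get("protocol") == "block"
                and spec.get("volumeMode", "Filesystem") == "Filesystem"
                and not csi.get("fsType")):  # absent or "" both count as empty
            risky[(ref.get("namespace"), ref.get("name"))] = pv["metadata"]["name"]
    hits = []
    for pod in pods:
        ns = pod["metadata"].get("namespace", "default")
        if (pod["spec"].get("securityContext") or {}).get("fsGroup") is None:
            continue  # no pod-level fsGroup, so the condition does not apply
        for vol in pod["spec"].get("volumes", []):
            claim = (vol.get("persistentVolumeClaim") or {}).get("claimName")
            if (ns, claim) in risky:
                hits.append((f"{ns}/{pod['metadata']['name']}", claim, risky[(ns, claim)]))
    return hits

# Constructed sample items shaped like `kubectl get pv,pods -A -o json` output.
def make_pv(name, claim, fs_type):
    return {"metadata": {"name": name},
            "spec": {"volumeMode": "Filesystem",
                     "claimRef": {"namespace": "default", "name": claim},
                     "csi": {"driver": TRIDENT_DRIVER, "fsType": fs_type,
                             "volumeAttributes": {"protocol": "block"}}}}

def make_pod(name, claim, fs_group):
    ctx = {} if fs_group is None else {"fsGroup": fs_group}
    return {"metadata": {"name": name, "namespace": "default"},
            "spec": {"securityContext": ctx,
                     "volumes": [{"name": "vol",
                                  "persistentVolumeClaim": {"claimName": claim}}]}}

SAMPLE_PVS = [make_pv("pvc-b6bf10ac-6731-4b77-9963-b4d5516e4487", "san-pvc", ""),
              make_pv("pvc-constructed-ext4", "san-pvc-ext4", "ext4")]
SAMPLE_PODS = [make_pod("sec-ctx-pod", "san-pvc", 2000),
               make_pod("constructed-ext4-pod", "san-pvc-ext4", 2000),
               make_pod("constructed-no-fsgroup", "san-pvc", None)]

if __name__ == "__main__":
    for hit in unwritable_candidates(SAMPLE_PVS, SAMPLE_PODS):
        print("affected:", hit)
```

Against a live cluster, pass the `items` arrays from the JSON output of `kubectl get pv` and `kubectl get pods -A` in place of the sample lists.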

 
