跳转到主内容

对于 iSCSI PVC , Trident 20.07.1 要求在 StorageClasses 中使用 `parameter.FSType` (如果使用 fsGroups 和安全上下文约束)

Views:
11
Visibility:
Public
Votes:
0
Category:
trident-kubernetes
Specialty:
snapx
Last Updated:

适用于

Trident 20.07.1 及更高版本 

Kubernetes 1.17 及更高版本 

iSCSI 后端 ( ONTAP , HCI/SolidFire ) 

问题

[1]Kubernetes >= 1.17 上安装 / 升级到 Trident 20.07.1 及更高版本时,如果出现以下情况,则创建的新 iSCSI 卷将不可写: 

  1. storageClass 未指定 “parameter.fsType” 

      与 

  1. 使用请求的 PVC 的 PodfsGroup在安全限制中强制实施。 

 

例如podSpec : 

--- 

apiVersion: v1 

kind: Pod 

metadata: 

  name: sec-ctx-pod 

spec: 

  securityContext: 

    runAsUser: 1000 

    runAsGroup: 3000 

    fsGroup: 2000 

  volumes: 

  - name: sec-ctx-vol 

    persistentVolumeClaim: 

      claimName: san-pvc 

  containers: 

  - name: sec-ctx-demo 

    image: busybox 

    command: [ "sh", "-c", "sleep 1h" ] 

    volumeMounts: 

    - name: sec-ctx-vol 

      mountPath: /data/demo 

    securityContext: 

      allowPrivilegeEscalation: false 

 

尝试向FSType 为空的 PV 写入数据时,出现 " 权限被拒绝 " 错误: 

Name:            pvc-b6bf10ac-6731-4b77-9963-b4d5516e4487 

Labels:         <none> 

Annotations:     pv.kubernetes.io/provisioned-by: csi.trident.netapp.io 

Finalizers:      [kubernetes.io/pv-protection external-attacher/csi-trident-netapp-io] 

StorageClass:    san-undefined-fstype 

Status:          Bound 

Claim:           default/san-pvc 

Reclaim Policy:  Delete 

Access Modes:    RWO 

VolumeMode:      Filesystem 

Capacity:        100Mi 

Node Affinity:  <none> 

Message: 

Source: 

    Type:              CSI (a Container Storage Interface (CSI) volume source) 

    Driver:            csi.trident.netapp.io 

    FSType:             

    VolumeHandle:      pvc-b6bf10ac-6731-4b77-9963-b4d5516e4487 

    ReadOnly:          false 

    VolumeAttributes:      backendUUID=115dc924-de93-4c8c-91be-5283c15a64f7 

                           internalName=trident_pvc_b6bf10ac_6731_4b77_9963_b4d5516e4487 

                           name=pvc-b6bf10ac-6731-4b77-9963-b4d5516e4487 

                           protocol=block 

                           storage.kubernetes.io/csiProvisionerIdentity=1602620905373-8081-csi.trident.netapp.io 

Events:               <none> 

 

CUSTOMER EXCLUSIVE CONTENT

Registered NetApp customers get unlimited access to our dynamic Knowledge Base.

New authoritative content is published and updated each day by our team of experts.

Current Customer or Partner?

Sign In for unlimited access

New to NetApp?

Learn more about our award-winning Support