0

为了将 IBM Cloud 对象存储添加到我的集群,我一直在遵循本指南。

虽然我已经让它与标准集群一起工作,但在尝试将 COS 连接到 VPC 集群时遇到了问题。(不是同一个对象存储,也不是集群。两个完全不同的环境)

我已启用 VRF(并且已获得批准),并且我已使用 s3.direct 端点创建了自己的存储类。

但是,存储类似乎无法配置卷。我得到的错误来自 TokenManagerRetrieveError: error retrieving the token。我找不到任何有关此案的文件。我已经检查了帐户 IAM 令牌并且它们已经到位。以下是来自以下命令的事件。尤其见第二段。

这是我创建的存储类:

apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: cos-vpc
  namespace: default
parameters:    
  ibm.io/chunk-size-mb: "16"
  ibm.io/curl-debug: "false"
  ibm.io/debug-level: "warn"
  ibm.io/iam-endpoint: "https://iam.bluemix.net"
  ibm.io/kernel-cache: "true"
  ibm.io/multireq-max: "20"
  ibm.io/object-store-endpoint: "https://s3.direct.eu-de.cloud-object-storage.appdomain.cloud"
  ibm.io/object-store-storage-class: eu-de-standard
  ibm.io/parallel-count: "2"
  ibm.io/s3fs-fuse-retry-count: "5"
  ibm.io/stat-cache-size: "100000"
  ibm.io/tls-cipher-suite: AESGCM
provisioner: "ibm.io/ibmc-s3fs"
reclaimPolicy: Delete
volumeBindingMode: Immediate

这是PVC:

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: hasher-java-pvc
  namespace: default
  annotations:
    ibm.io/auto-create-bucket: "false"
    ibm.io/auto-delete-bucket: "false"
    ibm.io/bucket: uia-bucket2
    ibm.io/secret-name: cos-write-access
spec:
  accessModes:
  - "ReadWriteOnce"
  resources:
    requests:
      storage: "13Gi"
  storageClassName: "cos-vpc"

描述pvc。

Name:          hasher-java-pvc
Namespace:     default
StorageClass:  cos-vpc
Status:        Pending
Volume:        
Labels:        <none>
Annotations:   ibm.io/auto-create-bucket: false
               ibm.io/auto-delete-bucket: false
               ibm.io/bucket: uia-bucket2
               ibm.io/secret-name: cos-write-access
               volume.beta.kubernetes.io/storage-provisioner: ibm.io/ibmc-s3fs
Finalizers:    [kubernetes.io/pvc-protection]
Capacity:      
Access Modes:  
VolumeMode:    Filesystem
Mounted By:    hasher-java-7c44896747-d5g8q
               hasher-java-7c44896747-gm2m9
               hasher-java-7c44896747-qhrxm
Events:
  Type     Reason                Age                    From                                                                                                  Message
  ----     ------                ----                   ----                                                                                                  -------
  Normal   Provisioning          4m52s (x3 over 5m53s)  ibm.io/ibmc-s3fs_ibmcloud-object-storage-plugin-d76dc998c-5wsx5_0f82cf0d-69e3-11ea-bdd1-2a0e250d0c0b  External provisioner is provisioning volume for claim "default/hasher-java-pvc"
  Warning  ProvisioningFailed    4m22s (x3 over 5m23s)  ibm.io/ibmc-s3fs_ibmcloud-object-storage-plugin-d76dc998c-5wsx5_0f82cf0d-69e3-11ea-bdd1-2a0e250d0c0b  failed to provision volume with StorageClass "cos-vpc": hasher-java-pvc:bppmei1f05qovjlv74vg:cannot access bucket uia-bucket2: TokenManagerRetrieveError: error retrieving the token
  Normal   ExternalProvisioning  12s (x24 over 5m53s)   persistentvolume-controller                                                                           waiting for a volume to be created, either by external provisioner "ibm.io/ibmc-s3fs" or manually created by system administrator

任何帮助是极大的赞赏。

4

1 回答 1

2

此案例现在列在此处的 IBM Cloud 文档的故障排除部分下:https ://cloud.ibm.com/docs/containers?topic=containers-cs_troubleshoot_storage#cos_pvc_pending (向下滚动以查找此错误的匹配项)

它可能需要使用 HMAC 样式的凭证而不是 instanceid + IAM AKI 密钥来创建访问存储桶的密钥。

因此,请尝试使用 HMAC 密钥创建凭证,如下所述:https ://cloud.ibm.com/docs/containers?topic=containers-object_storage#create_cos_service

然后查看 HMAC 身份验证示例,其中文档解释了如何创建机密:

kubectl create secret generic cos-write-access --type=ibm/ibmc-s3fs --from-literal=access-key=<access_key_ID> --from-literal=secret-key=<secret_access_key>

(参考文档:https ://cloud.ibm.com/docs/containers?topic=containers-object_storage#create_cos_secret )

于 2020-11-30T10:29:13.877 回答