无法在AKS上挂载吊舱卷

Question

我想使用声纳-qube和部署在AKS (Azure Kubernetes)。我想存储声纳日志，数据，conf和扩展到持久的卷。但是，由于超时，AKS似乎无法挂载卷。

我已经构建了一个创建卷+服务+部署和入口的脚本。->没有成功

我试图将卷创建与应用程序创建和卷记录分开->没有成功。

​

​

但是，在AZURE上创建和提供卷。

​

​

配置：

• AKS版本: 1.14.5
• 硬件类型:标准DS2 v2 (2 vcpus，7 GiB内存)

下面是我用来创建卷的脚本：

#Namespace creation
apiVersion: v1
kind: Namespace
metadata: 
  name: cicd
  labels: 
    name: cicd
---
#PVC for Sonar’s data directory creation
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: sonar-data
  namespace: cicd  
spec:
  accessModes:
  - ReadWriteOnce
  storageClassName: default
  resources:
    requests:
      storage: 5G
---
#PVC for Sonar’s conf directory
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: sonar-conf
  namespace: cicd  
spec:
  accessModes:
  - ReadWriteOnce
  storageClassName: default
  resources:
    requests:
      storage: 5Gi
---
#PVC for Sonar’s logs directory
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: sonar-logs
  namespace: cicd  
spec:
  accessModes:
  - ReadWriteOnce
  storageClassName: default
  resources:
    requests:
      storage: 10Gi
---
#PVC for Sonar’s extensions directory
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: sonar-extensions
  namespace: cicd  
spec:
  accessModes:
  - ReadWriteOnce
  storageClassName: default
  resources:
    requests:
      storage: 5Gi
---
#Create secretKeyRef

apiVersion: v1
kind: Secret
metadata:
  name: sonar-secret
  namespace: cicd
type: Opaque
data:
  password: *****************

下面是我用来创建声纳的脚本：

#SonarQube deployment
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  labels:
    app: sonarqube
  name: sonarqube
  namespace: cicd
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: sonarqube
    spec:
      securityContext:
        runAsUser: 0
        fsGroup: 0    
      containers:
        - name: sonarqube
          image: sonarqube:latest
          resources:
            requests:
              cpu: 500m
              memory: 1024Mi
            limits:
              cpu: 2000m
              memory: 2048Mi
          volumeMounts:
          - mountPath: "/opt/sonarqube/data/"
            name: sonar-data
          - mountPath: "/opt/sonarqube/extensions/"
            name: sonar-extensions
          - mountPath: "/opt/sonarqube/logs/"
            name: sonar-logs
          - mountPath: "/opt/sonarqube/conf/"
            name: sonar-conf
          env:
          - name: "SONARQUBE_JDBC_USERNAME"
            value: "sonar"
          - name: "SONARQUBE_JDBC_URL"
            value: "jdbc:sqlserver://internal-sql-az-westeurope.database.windows.net:1433;databaseName=Sonar;user=SONARQUBE_JDBC_USERNAME;password=SONAR_SQL_LOGIN_PASSWORD"
          - name: "SONARQUBE_JDBC_PASSWORD"
            valueFrom:
              secretKeyRef:
                name: sonar-secret
                key: password
          ports:
          - containerPort: 9000
            protocol: TCP
      volumes:
      - name: sonar-data
        persistentVolumeClaim:
          claimName: sonar-data
      - name: sonar-extensions
        persistentVolumeClaim:
          claimName: sonar-extensions
      - name: sonar-logs
        persistentVolumeClaim:
          claimName: sonar-logs
      - name: sonar-conf
        persistentVolumeClaim:
          claimName: sonar-conf
---
# --------------
# Service Object
# --------------
apiVersion: v1
kind: Service
metadata:
  labels:
    name: sonarqube
  name: sonarqube-service
  namespace: cicd
spec:
  ports:
    - port: 80 # Default port for image
      protocol: TCP
  selector:
    name: sonarqube

# -----------------
# Ingress object
# -----------------
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: sonarqube-api-ingress
  namespace: cicd
  annotations:
    kubernetes.io/ingress.class: nginx
    #Default is 'true'
    #nginx.ingress.kubernetes.io/ssl-redirect: "false" 
    nginx.ingress.kubernetes.io/rewrite-target: /$1
    #https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md#whitelist-source-range
    nginx.ingress.kubernetes.io/whitelist-source-range: "******"    
spec:
  tls:
  - hosts:
    - sonar.traceparts.com
    secretName: aks-ingress-tls-star-traceparts-com 
  rules:
  - host: sonar.traceparts.com
    http:
      paths:     
      - backend:
          serviceName: sonarqube-service
          servicePort: 80
        path: /(.*)         

有人能帮我理解这个问题吗？

Answer 1

实际上，当您通过YAML文件创建持久卷并将Azure磁盘挂载到节点时，您需要等待一段时间，Azure需要一些时间将磁盘附加到节点。因此，第一个失败是因为磁盘没有连接到节点上。

只需绘制并等待一段时间，然后使用以下命令进行检查：

kubectl describe pvc --namespace cicd

如下所示：

​

​

顺便说一下，在创建AKS集群时，它的服务主体已经具有节点所在的资源组的贡献者角色。因此，通常情况下，许可是足够的，至少对于持久卷。

Answer 2

我和Azure支持人员谈过了，他告诉我运行以下命令。这个命令立即解决了我的问题。

az resource update --ids /subscriptions/<SUBSCRIPTION-ID>/resourcegroups/<RESOURCE-GROUP>/providers/Microsoft.ContainerService/managedClusters/<AKS-CLUSTER-NAME>/agentpools/<NODE-GROUP-NAME>