I deployed HashiCorp Vault with 3 replicas. Pod vault-0 is running, but the other two pods are in Pending state.
Here is my override yaml:

    # Vault Helm Chart Value Overrides
    global:
      enabled: true
      tlsDisable: true
    injector:
      enabled: true
      # Use the Vault K8s Image https://github.com/hashicorp/vault-k8s/
      image:
        repository: "hashicorp/vault-k8s"
        tag: "0.9.0"
      resources:
        requests:
          memory: 256Mi
          cpu: 250m
        limits:
          memory: 256Mi
          cpu: 250m
      affinity: ""
    server:
      auditStorage:
        enabled: true
      standalone:
        enabled: false
      image:
        repository: "hashicorp/vault"
        tag: "1.6.3"
      resources:
        requests:
          memory: 4Gi
          cpu: 1000m
        limits:
          memory: 8Gi
          cpu: 1000m
      ha:
        enabled: true
        replicas: 3
        raft:
          enabled: true
          setNodeId: true
          config: |
            ui = true
            listener "tcp" {
              tls_disable = true
              address = "[::]:8200"
              cluster_address = "[::]:8201"
            }
            storage "raft" {
              path = "/vault/data"
            }
            service_registration "kubernetes" {}
        config: |
          ui = true
          listener "tcp" {
            tls_disable = true
            address = "[::]:8200"
            cluster_address = "[::]:8201"
          }
          service_registration "kubernetes" {}
    # Vault UI
    ui:
      enabled: true
      serviceType: "ClusterIP"
      externalPort: 8200

I ran kubectl describe on the pending pods and can see the status message below. I am not sure whether I added the correct affinity settings in the override file. Not sure what I did wrong. I am using the Vault Helm charts to deploy to a Docker Desktop local cluster. Any help is appreciated.
Posted on 2021-03-24 01:39:02
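There are a few problems in your values.yaml file.
1. You set

    server:
      auditStorage:
        enabled: true

but you did not specify how the PVC will be created or what the storage class is. The chart expects you to do that if you enable the storage. Look at: https://github.com/hashicorp/vault-helm/blob/master/values.yaml#L446. Set it to false if you are just testing on your local machine, or specify the storage configuration.
2. You set an empty affinity variable for the injector, but not for the server. Set

    affinity: ""

for the server as well. Look at: https://github.com/hashicorp/vault-helm/blob/master/values.yaml#L347
3. An uninitialized and sealed Vault cluster is not really usable. You need to initialize and unseal Vault before it becomes ready. That means setting up a readinessProbe. Something like this:

    server:
      readinessProbe:
        path: "/v1/sys/health?standbyok=true&sealedcode=204&uninitcode=204"

4. The last one, but this one is optional. These memory requests:

    resources:
      requests:
        memory: 4Gi
        cpu: 1000m
      limits:
        memory: 8Gi
        cpu: 1000m

are a bit on the high side. Setting up an HA cluster with 3 replicas, each requesting 4Gi of memory, may result in Insufficient memory errors, most likely when deploying on a local cluster.
But then again, your local machine might have 32 GB of memory, I don't know ;) If not, trim them down to fit your machine.
So, the following values work for me: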

    # Vault Helm Chart Value Overrides
    global:
      enabled: true
      tlsDisable: true
    injector:
      enabled: true
      # Use the Vault K8s Image https://github.com/hashicorp/vault-k8s/
      image:
        repository: "hashicorp/vault-k8s"
        tag: "0.9.0"
      resources:
        requests:
          memory: 256Mi
          cpu: 250m
        limits:
          memory: 256Mi
          cpu: 250m
      affinity: ""
    server:
      auditStorage:
        enabled: false
      standalone:
        enabled: false
      image:
        repository: "hashicorp/vault"
        tag: "1.6.3"
      resources:
        requests:
          memory: 256Mi
          cpu: 200m
        limits:
          memory: 512Mi
          cpu: 400m
      affinity: ""
      readinessProbe:
        enabled: true
        path: "/v1/sys/health?standbyok=true&sealedcode=204&uninitcode=204"
      ha:
        enabled: true
        replicas: 3
        raft:
          enabled: true
          setNodeId: true
          config: |
            ui = true
            listener "tcp" {
              tls_disable = true
              address = "[::]:8200"
              cluster_address = "[::]:8201"
            }
            storage "raft" {
              path = "/vault/data"
            }
            service_registration "kubernetes" {}
        config: |
          ui = true
          listener "tcp" {
            tls_disable = true
            address = "[::]:8200"
            cluster_address = "[::]:8201"
          }
          service_registration "kubernetes" {}
    # Vault UI
    ui:
      enabled: true
      serviceType: "ClusterIP"
      externalPort: 8200
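
The scheduling points of the answer (1, 2 and 4) can be checked mechanically before installing. The sketch below is an added example, not code from the question, the answer or the Vault Helm chart. It assumes a single-node cluster with 8Gi of allocatable memory, and that the chart's default server affinity is a required per-hostname pod anti-affinity; the function names and the reduced value dictionaries are constructed for illustration.

```python
import re

# Binary/decimal suffixes used by Kubernetes memory quantities.
_UNITS = {"Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "K": 10**3, "M": 10**6, "G": 10**9, "": 1}

def mem_bytes(quantity):
    """Convert a Kubernetes memory quantity such as '4Gi' or '256Mi' to bytes."""
    m = re.fullmatch(r"(\d+)(Ki|Mi|Gi|K|M|G)?", quantity)
    if not m:
        raise ValueError(f"unsupported quantity: {quantity!r}")
    return int(m.group(1)) * _UNITS[m.group(2) or ""]

def pending_reasons(values, nodes, node_mem):
    """Return reasons why Vault server pods could stay Pending.

    values   -- parsed Helm override values (dict)
    nodes    -- number of schedulable nodes (assumed: 1 on Docker Desktop)
    node_mem -- allocatable memory per node, as a Kubernetes quantity
    """
    server = values.get("server", {})
    replicas = server.get("ha", {}).get("replicas", 1)
    reasons = []
    # Point 2: with no override, the chart's default server affinity (assumed:
    # required anti-affinity per hostname) gives every replica its own node.
    if "affinity" not in server and replicas > nodes:
        reasons.append("affinity")
    # Point 4: the scheduler places pods by memory *requests*, not limits.
    request = server.get("resources", {}).get("requests", {}).get("memory", "0")
    per_node = -(-replicas // nodes)  # ceiling: replicas on the fullest node
    if per_node * mem_bytes(request) > mem_bytes(node_mem):
        reasons.append("memory")
    # Point 1: audit storage adds a PVC per pod; the pod waits until it binds.
    if server.get("auditStorage", {}).get("enabled"):
        reasons.append("auditStorage")
    return reasons

# Constructed inputs: only the scheduling-relevant keys of the two values files.
QUESTION = {"server": {"auditStorage": {"enabled": True}, "ha": {"replicas": 3},
                       "resources": {"requests": {"memory": "4Gi"}}}}
ANSWER = {"server": {"auditStorage": {"enabled": False}, "affinity": "",
                     "ha": {"replicas": 3},
                     "resources": {"requests": {"memory": "256Mi"}}}}

if __name__ == "__main__":
    print(pending_reasons(QUESTION, nodes=1, node_mem="8Gi"))
    print(pending_reasons(ANSWER, nodes=1, node_mem="8Gi"))
```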

https://stackoverflow.com/questions/66766180