Comments (7)
Hi @nsoubelet,
I know that your ETCD cluster are insecure but I had the same issue whit tls, in my case the problem was the secret resource storageos-tls-etcd
.
When I created storageoscluster for the frst time, a secret was created (storageos-tls-etcd), this secret is used by Daemonset storageos-daemonset
to comunicate Pods with the cluster ETCD, this secret contains the tls certs.
Then I uninstalled storageoscluster and ETCD cluster, and install again (by some errors), but this secret still existed and my pods could not connect to the cluster ETCD (same error "{"error":"failed to instantiate ETCD: context deadline exceeded","level":"error","msg":"failed to initialise store client","time":"2020-12-08T21:44:41.780958599Z"}"
).
To solve this just delete that secret en reinstall storageos and storageoscluster. I hope this helps.
from cluster-operator.
Hi @coneking
I was not able to see that tls secret in my deployment.
However, I found the problem. Basically etcd cluster could not be resolved by service name, only by its IP. To me seems like a problem with the image, since all other containers I started referencing etcd cluster by service name in the same namespace worked ok.
from cluster-operator.
Hi @nsoubelet ,
Could you send us over the StorageOS Cluster CR please? You can do that with kubectl describe stos -A
Could you also make sure that you have all the relevant firewall ports open? (https://docs.storageos.com/docs/prerequisites/firewalls/)
Also, is there a reason you are using v2.1? The newest version is v2.3.2.
from cluster-operator.
Hi @aeroniero33
Thanks for replying.
Unfortunately I have uninstalled StorageOS but I will give it another try and send it over.
Could you also make sure that you have all the relevant firewall ports open?
Yes, firewalls open, that's why I clarified points 2 and 3 in my issue.
Also, is there a reason you are using v2.1? The newest version is v2.3.2.
I first tried with latest, then I tried other versions just is case there was a particular issue in that version, but it is failing in all 2.x versions.
from cluster-operator.
Hi @coneking
Many thanks for sharing. Really interesting, I will give it a try for sure!
from cluster-operator.
Hi @coneking, I tried what you said with no luck. I don't see any secret being created by storage os apart from tokens. Maybe you are using a different version?.
@aeroniero33, please find bellow the output of the command. Some sensitive fields were replaced.
Name: example-storageos
Namespace: storageos-operator
Labels: <none>
Annotations: API Version: storageos.com/v1
Kind: StorageOSCluster
Metadata:
Creation Timestamp: 2021-01-03T19:16:41Z
Finalizers:
finalizer.storageoscluster.storageos.com
Generation: 3
Managed Fields:
API Version: storageos.com/v1
Fields Type: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.:
f:kubectl.kubernetes.io/last-applied-configuration:
f:spec:
.:
f:debug:
f:images:
.:
f:nodeContainer:
f:k8sDistro:
f:kvBackend:
.:
f:address:
f:backend:
f:nodeSelectorTerms:
f:resources:
.:
f:requests:
.:
f:memory:
f:secretRefName:
f:secretRefNamespace:
Manager: kubectl
Operation: Update
Time: 2021-01-03T19:16:41Z
API Version: storageos.com/v1
Fields Type: FieldsV1
fieldsV1:
f:metadata:
f:finalizers:
f:spec:
f:csi:
.:
f:deploymentStrategy:
f:enable:
f:enableControllerExpandCreds:
f:enableControllerPublishCreds:
f:enableNodePublishCreds:
f:enableProvisionCreds:
f:images:
f:apiManagerContainer:
f:csiClusterDriverRegistrarContainer:
f:csiExternalAttacherContainer:
f:csiExternalProvisionerContainer:
f:csiExternalResizerContainer:
f:csiLivenessProbeContainer:
f:csiNodeDriverRegistrarContainer:
f:initContainer:
f:kubeSchedulerContainer:
f:ingress:
f:join:
f:namespace:
f:resources:
f:requests:
f:cpu:
f:service:
.:
f:externalPort:
f:internalPort:
f:name:
f:type:
f:status:
.:
f:members:
.:
f:unready:
f:nodes:
f:phase:
f:ready:
Manager: cluster-operator
Operation: Update
Time: 2021-01-03T19:16:47Z
Resource Version: 3106986
Self Link: /apis/storageos.com/v1/namespaces/storageos-operator/storageosclusters/example-storageos
UID: 67436d62-b8f4-4d2b-819b-ed02c2073419
Spec:
Csi:
Deployment Strategy: deployment
Enable: true
Enable Controller Expand Creds: true
Enable Controller Publish Creds: true
Enable Node Publish Creds: true
Enable Provision Creds: true
Debug: true
Images:
API Manager Container: storageos/api-manager:v1.0.0
Csi Cluster Driver Registrar Container: quay.io/k8scsi/csi-cluster-driver-registrar:v1.0.1
Csi External Attacher Container: quay.io/k8scsi/csi-attacher:v2.2.0
Csi External Provisioner Container: storageos/csi-provisioner:v1.6.0-patched
Csi External Resizer Container: quay.io/k8scsi/csi-resizer:v0.5.0
Csi Liveness Probe Container: quay.io/k8scsi/livenessprobe:v1.1.0
Csi Node Driver Registrar Container: quay.io/k8scsi/csi-node-driver-registrar:v1.2.0
Init Container: storageos/init:v2.1.0
Kube Scheduler Container: k8s.gcr.io/kube-scheduler:v1.18.4
Node Container: storageos/node:v2.3.1
Ingress:
Join: [some-ip]
k8sDistro: upstream
Kv Backend:
Address: [service]:2379
Backend: etcd
Namespace: kube-system
Node Selector Terms:
Match Expressions:
Key: [some-key]
Operator: In
Values:
[some-val]
Resources:
Requests:
Cpu: 1
Memory: 256Mi
Secret Ref Name: storageos-api
Secret Ref Namespace: storageos-operator
Service:
External Port: 5705
Internal Port: 5705
Name: storageos
Type: ClusterIP
Status:
Members:
Unready:
[some-ip]
Nodes:
[some-ip]
Phase: Creating
Ready: 0/1
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning ChangedStatus 6m10s storageoscluster-operator 0/1 StorageOS nodes are functional
from cluster-operator.
Hi @nsoubelet,
The secret was created automatically in kube-system
kubectl -n kube-system get secret storageos-tls-etcd
Am using v2.3.1 and v2.3.2 on different clusters
apiVersion: storageos.com/v1
kind: StorageOSCluster
metadata:
finalizers:
- finalizer.storageoscluster.storageos.com
name: example-storageos
namespace: storageos-operator
spec:
csi:
deploymentStrategy: deployment
enable: true
enableControllerExpandCreds: true
enableControllerPublishCreds: true
enableNodePublishCreds: true
enableProvisionCreds: true
images:
apiManagerContainer: storageos/api-manager:v1.0.0
csiClusterDriverRegistrarContainer: quay.io/k8scsi/csi-cluster-driver-registrar:v1.0.1
csiExternalAttacherContainer: quay.io/k8scsi/csi-attacher:v2.2.0
csiExternalProvisionerContainer: storageos/csi-provisioner:v1.6.0-patched
csiExternalResizerContainer: quay.io/k8scsi/csi-resizer:v0.5.0
csiLivenessProbeContainer: quay.io/k8scsi/livenessprobe:v1.1.0
csiNodeDriverRegistrarContainer: quay.io/k8scsi/csi-node-driver-registrar:v1.2.0
initContainer: storageos/init:v2.1.0
kubeSchedulerContainer: k8s.gcr.io/kube-scheduler:v1.16.7
nodeContainer: storageos/node:v2.3.2
ingress: {}
join: ALL-MY-NODES
k8sDistro: upstream
kvBackend:
address: MY-SERVERS-ETCD:2379
backend: etcd
namespace: kube-system
resources:
requests:
cpu: "1"
memory: 512Mi
secretRefName: storageos-api
secretRefNamespace: storageos-operator
service:
externalPort: 5705
internalPort: 5705
name: storageos
type: ClusterIP
tlsEtcdSecretRefName: MY-SECRET-TLS
tlsEtcdSecretRefNamespace: kube-system
from cluster-operator.
Related Issues (20)
- [Kubernetes][KubeSpray] Error: OCI runtime create failed: container_linux.go:345: starting container process caused "exec: \"storageos\": executable file not found in $PATH": unknown HOT 6
- [Kubernetes][KubeSpray] MountVolume.SetUp failed for volume "pvc-371a14b0-8426-4ce9-86f5-abe83e59743b" : exit status 5 HOT 10
- Expand PersistentVolumes in k8s HOT 1
- storageos operator missing pods/log permission
- Missing properties from CR
- Feature Request: use a storage class for data volume instead of host dir HOT 2
- Error on creation of PVC HOT 4
- Cluster operator UI broken on OpenShift 4.2 - "Invariant Violation" HOT 6
- error retrieving resource lock on k8s 1.17.0 HOT 1
- "node has no NodeID annotation" when attaching a volume HOT 9
- StorageOS 2 and OKD 4.4 volumes created after installation not visible in dashboard and not spread across nodes HOT 1
- pod with storageos disk recreates about 5 minutes. HOT 1
- [FEATURE] UI show volumes for all namespaces HOT 1
- Problem with AKS storage HOT 3
- When trying to deploy, gcr.io/google-containers/kube-scheduler:v1.18.8 is not found and install can';t complete HOT 5
- Node metrics in v2 HOT 1
- PVC attach/mount failed - csi.storageos.com not found HOT 7
- Operator projects using the removed APIs in k8s 1.22 requires changes. HOT 10
- storageos-csi-helper pod on CrashLoopBackOff
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cluster-operator.