Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Create cluster zone filed with "Unable to attach or mount volumes" #421

Closed
jaggerwang opened this issue Jan 13, 2021 · 14 comments
Closed

Create cluster zone filed with "Unable to attach or mount volumes" #421

jaggerwang opened this issue Jan 13, 2021 · 14 comments

Comments

@jaggerwang
Copy link

jaggerwang commented Jan 13, 2021

Workload:
image
image

Pod:
image

PV:
image
image

Steps to Reproduce (for bugs)

  1. Install minio plugin.
  2. Init minio plugin.
  3. Create a tenant.
kubectl krew update
kubectl krew install minio

kubectl minio init

kubectl minio tenant create                \
    --name minio-cluster                   \
    --servers 4                            \
    --volumes 4                            \
    --capacity 12Ti                        \
    --storage-class local-storage

StorageClass:

apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
    name: local-storage
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: WaitForFirstConsumer

PersistentVolumes:

apiVersion: v1
kind: PersistentVolume
metadata:
  name: minio-kubenode1-data2
spec:
  accessModes:
  - ReadWriteOnce
  capacity:
    storage: 3.7Ti
  local:
    path: /data2
  nodeAffinity:
    required:
      nodeSelectorTerms:
      - matchExpressions:
        - key: kubernetes.io/hostname
          operator: In
          values:
          - dev-kubenode1
  persistentVolumeReclaimPolicy: Retain
  storageClassName: local-storage
  volumeMode: Filesystem
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: minio-kubenode2-data2
spec:
  accessModes:
  - ReadWriteOnce
  capacity:
    storage: 3.7Ti
  local:
    path: /data2
  nodeAffinity:
    required:
      nodeSelectorTerms:
      - matchExpressions:
        - key: kubernetes.io/hostname
          operator: In
          values:
          - dev-kubenode2
  persistentVolumeReclaimPolicy: Retain
  storageClassName: local-storage
  volumeMode: Filesystem
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: minio-kubenode3-data2
spec:
  accessModes:
  - ReadWriteOnce
  capacity:
    storage: 3.7Ti
  local:
    path: /data2
  nodeAffinity:
    required:
      nodeSelectorTerms:
      - matchExpressions:
        - key: kubernetes.io/hostname
          operator: In
          values:
          - dev-kubenode3
  persistentVolumeReclaimPolicy: Retain
  storageClassName: local-storage
  volumeMode: Filesystem
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: minio-kubenode4-data2
spec:
  accessModes:
  - ReadWriteOnce
  capacity:
    storage: 3.7Ti
  local:
    path: /data2
  nodeAffinity:
    required:
      nodeSelectorTerms:
      - matchExpressions:
        - key: kubernetes.io/hostname
          operator: In
          values:
          - dev-kubenode4
  persistentVolumeReclaimPolicy: Retain
  storageClassName: local-storage
  volumeMode: Filesystem

Your Environment

  • Version used (minio-operator): v3.0.29
  • Environment name and version (e.g. kubernetes v1.17.2): v1.18.14 managed by Rancher
  • Server type and version: CentOS Linux release 8.3.2011
  • Operating System and version (uname -a): Linux dev-kubenode1 4.18.0-240.1.1.el8_3.x86_64 Add Minio operator  #1 SMP Thu Nov 19 17:20:08 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
@lptarik
Copy link

lptarik commented Jan 20, 2021

@jaggerwang
Copy link
Author

Maybe this can help you
https://github.com/minio/operator/issues/395#issuecomment-748650296

Thanks,but these two are not the same problem.

@nitisht
Copy link
Contributor

nitisht commented Feb 4, 2021

Is this still a problem @jaggerwang ? Can you paste the output kubectl describe pod <minio-pod-name>

@oiar
Copy link

oiar commented Feb 4, 2021

I encountered the same problem, have you found a solution? Thank you very much if you can get your help.

@oiar
Copy link

oiar commented Feb 4, 2021

Is this still a problem @jaggerwang ? Can you paste the output kubectl describe pod <minio-pod-name>

hi! Hope to get your help, thank you very much.

$ kubectl describe pod minio-tenant-1-zone-0-0 -n minio
Name:           minio-tenant-1-zone-0-0
Namespace:      minio
Priority:       0
Node:           localhost/192.168.0.254
Start Time:     Thu, 04 Feb 2021 08:28:23 +0000
Labels:         controller-revision-hash=minio-tenant-1-zone-0-67d6b6b76d
                statefulset.kubernetes.io/pod-name=minio-tenant-1-zone-0-0
                v1.min.io/tenant=minio-tenant-1
                v1.min.io/version=v3.0.29
                v1.min.io/zone=zone-0
Annotations:    <none>
Status:         Pending
IP:
IPs:            <none>
Controlled By:  StatefulSet/minio-tenant-1-zone-0
Containers:
  minio:
    Container ID:
    Image:         minio/minio:RELEASE.2020-11-19T23-48-16Z
    Image ID:
    Port:          9000/TCP
    Host Port:     0/TCP
    Args:
      server
      --certs-dir
      /tmp/certs
    State:          Waiting
      Reason:       ContainerCreating
    Ready:          False
    Restart Count:  0
    Environment:
      MINIO_UPDATE:                  on
      MINIO_UPDATE_MINISIGN_PUBKEY:  RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav
      MINIO_ARGS:                    <set to the key 'MINIO_ARGS' in secret 'operator-webhook-secret'>  Optional: false
      MINIO_ENDPOINTS:               https://minio-tenant-1-zone-0-{0...3}.minio-tenant-1-hl.minio.svc.cluster.local/export
      MINIO_OPERATOR_VERSION:        v3.0.29
      MINIO_ACCESS_KEY:              <set to the key 'accesskey' in secret 'minio-tenant-1-creds-secret'>  Optional: false
      MINIO_SECRET_KEY:              <set to the key 'secretkey' in secret 'minio-tenant-1-creds-secret'>  Optional: false
    Mounts:
      /export from 0 (rw)
      /tmp/certs from minio-tenant-1-tls (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-qk29w (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             False
  ContainersReady   False
  PodScheduled      True
Volumes:
  0:
    Type:       PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
    ClaimName:  0-minio-tenant-1-zone-0-0
    ReadOnly:   false
  minio-tenant-1-tls:
    Type:                Projected (a volume that contains injected data from multiple sources)
    SecretName:          minio-tenant-1-tls
    SecretOptionalName:  <nil>
  default-token-qk29w:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-qk29w
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                 node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type     Reason       Age                    From     Message
  ----     ------       ----                   ----     -------
  Warning  FailedMount  38m (x346 over 22h)    kubelet  Unable to attach or mount volumes: unmounted volumes=[minio-tenant-1-tls], unattached volumes=[0 minio-tenant-1-tls default-token-qk29w]: timed out waiting for the condition
  Warning  FailedMount  18m (x115 over 21h)    kubelet  Unable to attach or mount volumes: unmounted volumes=[minio-tenant-1-tls], unattached volumes=[minio-tenant-1-tls default-token-qk29w 0]: timed out waiting for the condition
  Warning  FailedMount  3m46s (x657 over 22h)  kubelet  MountVolume.SetUp failed for volume "minio-tenant-1-tls" : secret "minio-tenant-1-tls" not found

and

$ kubectl get events -n minio
 LAST SEEN   TYPE      REASON        OBJECT                        MESSAGE

8s          Warning   FailedMount   pod/minio-tenant-1-zone-0-0   MountVolume.SetUp failed for volume "minio-tenant-1-tls" : secret "minio-tenant-1-tls" not found
6m40s       Warning   FailedMount   pod/minio-tenant-1-zone-0-0   Unable to attach or mount volumes: unmounted volumes=[minio-tenant-1-tls], unattached volumes=[0 minio-tenant-1-tls default-token-qk29w]: timed out waiting for the condition
11m         Warning   FailedMount   pod/minio-tenant-1-zone-0-0   Unable to attach or mount volumes: unmounted volumes=[minio-tenant-1-tls], unattached volumes=[minio-tenant-1-tls default-token-qk29w 0]: timed out waiting for the condition
2m10s       Warning   FailedMount   pod/minio-tenant-1-zone-0-1   MountVolume.SetUp failed for volume "minio-tenant-1-tls" : secret "minio-tenant-1-tls" not found
8m48s       Warning   FailedMount   pod/minio-tenant-1-zone-0-1   Unable to attach or mount volumes: unmounted volumes=[minio-tenant-1-tls], unattached volumes=[0 minio-tenant-1-tls default-token-qk29w]: timed out waiting for the condition
58m         Warning   FailedMount   pod/minio-tenant-1-zone-0-1   Unable to attach or mount volumes: unmounted volumes=[minio-tenant-1-tls], unattached volumes=[default-token-qk29w 0 minio-tenant-1-tls]: timed out waiting for the condition
8s          Warning   FailedMount   pod/minio-tenant-1-zone-0-2   MountVolume.SetUp failed for volume "minio-tenant-1-tls" : secret "minio-tenant-1-tls" not found
56m         Warning   FailedMount   pod/minio-tenant-1-zone-0-2   Unable to attach or mount volumes: unmounted volumes=[minio-tenant-1-tls], unattached volumes=[default-token-qk29w 0 minio-tenant-1-tls]: timed out waiting for the condition
11m         Warning   FailedMount   pod/minio-tenant-1-zone-0-2   Unable to attach or mount volumes: unmounted volumes=[minio-tenant-1-tls], unattached volumes=[0 minio-tenant-1-tls default-token-qk29w]: timed out waiting for the condition
6m36s       Warning   FailedMount   pod/minio-tenant-1-zone-0-2   Unable to attach or mount volumes: unmounted volumes=[minio-tenant-1-tls], unattached volumes=[minio-tenant-1-tls default-token-qk29w 0]: timed out waiting for the condition
6s          Warning   FailedMount   pod/minio-tenant-1-zone-0-3   MountVolume.SetUp failed for volume "minio-tenant-1-tls" : secret "minio-tenant-1-tls" not found
20m         Warning   FailedMount   pod/minio-tenant-1-zone-0-3   Unable to attach or mount volumes: unmounted volumes=[minio-tenant-1-tls], unattached volumes=[0 minio-tenant-1-tls default-token-qk29w]: timed out waiting for the condition
11m         Warning   FailedMount   pod/minio-tenant-1-zone-0-3   Unable to attach or mount volumes: unmounted volumes=[minio-tenant-1-tls], unattached volumes=[default-token-qk29w 0 minio-tenant-1-tls]: timed out waiting for the condition
6m52s       Warning   FailedMount   pod/minio-tenant-1-zone-0-3   Unable to attach or mount volumes: unmounted volumes=[minio-tenant-1-tls], unattached volumes=[minio-tenant-1-tls default-token-qk29w 0]: timed out waiting for the condition

and

$ kubectl logs -n minio deployment/minio-operator
I0204 07:46:21.956380       1 main-controller.go:964] Deploying zone zone-0
I0204 07:46:21.971246       1 csr.go:73] Generating private key
I0204 07:46:21.971353       1 csr.go:86] Generating CSR with CN=*.minio-tenant-1-hl.minio.svc.cluster.local
I0204 07:46:22.011007       1 csr.go:217] Start polling for certificate of csr/minio-tenant-1-minio-csr, every 5s, timeout after 20m0s
E0204 08:06:22.035285       1 csr.go:136] Unexpected error during the creation of the csr/minio-tenant-1-minio-csr: timeout during certificate fetching of csr/minio-tenant-1-minio-csr
E0204 08:06:22.035323       1 main-controller.go:784] error syncing 'minio/minio-tenant-1': timeout during certificate fetching of csr/minio-tenant-1-minio-csr
I0204 08:06:22.039730       1 main-controller.go:964] Deploying zone zone-0
I0204 08:06:22.105907       1 csr.go:217] Start polling for certificate of csr/minio-tenant-1-console-minio-csr, every 5s, timeout after 20m0s
E0204 08:26:22.108740       1 console-csr.go:81] Unexpected error during the creation of the csr/minio-tenant-1-console-minio-csr: timeout during certificate fetching of csr/minio-tenant-1-console-minio-csr
E0204 08:26:22.108778       1 main-controller.go:784] error syncing 'minio/minio-tenant-1': timeout during certificate fetching of csr/minio-tenant-1-console-minio-csr
I0204 08:26:22.113577       1 main-controller.go:964] Deploying zone zone-0

@nitisht
Copy link
Contributor

nitisht commented Feb 4, 2021

MountVolume.SetUp failed for volume "minio-tenant-1-tls" : secret "minio-tenant-1-tls" not found

Do you have this secret? Please create a fresh issue with details. You may or many not be hitting the same issue.

@jaggerwang
Copy link
Author

Is this still a problem @jaggerwang ? Can you paste the output kubectl describe pod <minio-pod-name>

$ kubectl describe pod minio-zone-0-0 -n minio
Name:           minio-zone-0-0
Namespace:      minio
Priority:       0
Node:           dev-kubenode4/10.28.113.14
Start Time:     Fri, 05 Feb 2021 14:23:16 +0800
Labels:         controller-revision-hash=minio-zone-0-68d5b8db6f
                statefulset.kubernetes.io/pod-name=minio-zone-0-0
                v1.min.io/tenant=minio
                v1.min.io/version=v3.0.29
                v1.min.io/zone=zone-0
Annotations:    <none>
Status:         Pending
IP:
IPs:            <none>
Controlled By:  StatefulSet/minio-zone-0
Containers:
  minio:
    Container ID:
    Image:         minio/minio:RELEASE.2020-11-19T23-48-16Z
    Image ID:
    Port:          9000/TCP
    Host Port:     0/TCP
    Args:
      server
      --certs-dir
      /tmp/certs
    State:          Waiting
      Reason:       ContainerCreating
    Ready:          False
    Restart Count:  0
    Environment:
      MINIO_UPDATE:                  on
      MINIO_UPDATE_MINISIGN_PUBKEY:  RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav
      MINIO_ARGS:                    <set to the key 'MINIO_ARGS' in secret 'operator-webhook-secret'>  Optional: false
      MINIO_ENDPOINTS:               https://minio-zone-0-{0...3}.minio-hl.minio.svc.cluster.local/export
      MINIO_OPERATOR_VERSION:        v3.0.29
      MINIO_ACCESS_KEY:              <set to the key 'accesskey' in secret 'minio-creds-secret'>  Optional: false
      MINIO_SECRET_KEY:              <set to the key 'secretkey' in secret 'minio-creds-secret'>  Optional: false
    Mounts:
      /export from 0 (rw)
      /tmp/certs from minio-tls (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-9cz7m (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             False
  ContainersReady   False
  PodScheduled      True
Volumes:
  0:
    Type:       PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
    ClaimName:  0-minio-zone-0-0
    ReadOnly:   false
  minio-tls:
    Type:                Projected (a volume that contains injected data from multiple sources)
    SecretName:          minio-tls
    SecretOptionalName:  <nil>
  default-token-9cz7m:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-9cz7m
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                 node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type     Reason       Age                  From               Message
  ----     ------       ----                 ----               -------
  Normal   Scheduled    2m23s                default-scheduler  Successfully assigned minio/minio-zone-0-0 to dev-kubenode4
  Warning  FailedMount  21s                  kubelet            Unable to attach or mount volumes: unmounted volumes=[0], unattached volumes=[0 minio-tls default-token-9cz7m]: timed out waiting for the condition
  Warning  FailedMount  16s (x9 over 2m23s)  kubelet            MountVolume.NewMounter initialization failed for volume "minio-kubenode4-data2" : path "/data2" does not exist

And the secrets:

image

@oiar
Copy link

oiar commented Feb 5, 2021

MountVolume.SetUp failed for volume "minio-tenant-1-tls" : secret "minio-tenant-1-tls" not found

Do you have this secret? Please create a fresh issue with details. You may or many not be hitting the same issue.

$ kubectl get secrets -n minio
NAME                            TYPE                                  DATA   AGE
default-token-qk29w             kubernetes.io/service-account-token   3      43h
minio-operator-token-tn8j5      kubernetes.io/service-account-token   3      38h
minio-tenant-1-console-secret   Opaque                                5      22h
minio-tenant-1-creds-secret     Opaque                                2      22h
operator-webhook-secret         Opaque                                3      22h

image

@harshavardhana
Copy link
Member

v4.0.0 released closing - please re-open if seen again

@jaggerwang
Copy link
Author

jaggerwang commented Feb 25, 2021

@harshavardhana Still not working~

image

I0225 02:55:18.516575       1 main.go:72] Starting MinIO Operator
I0225 02:55:18.866751       1 main.go:139] caBundle on CRD updated
I0225 02:55:18.867331       1 main-controller.go:250] Setting up event handlers
I0225 02:55:18.867787       1 main-controller.go:634] Starting Tenant controller
I0225 02:55:18.867808       1 main-controller.go:637] Waiting for informer caches to sync
I0225 02:55:18.885559       1 main-controller.go:598] operator TLS secret not found%!(EXTRA string=secrets "operator-tls" not found)
I0225 02:55:18.912356       1 csr.go:217] Start polling for certificate of csr/operator-minio-csr, every 5s, timeout after 20m0s
I0225 02:55:19.168152       1 main-controller.go:642] Starting workers
I0225 02:55:23.916355       1 csr.go:242] Certificate successfully fetched, creating secret with Private key and Certificate
I0225 02:55:23.922182       1 main-controller.go:601] Waiting for the operator certificates to be issued waiting for Operator cert
I0225 02:55:33.926111       1 main-controller.go:625] Starting api server
I0225 02:56:10.574991       1 main-controller.go:967] Deploying pool ss-0
I0225 02:56:11.633767       1 main-controller.go:972] Deploying pool failed ss-0
E0225 02:56:11.633853       1 main-controller.go:720] error syncing 'minio/minio': MinIO is not ready
I0225 02:56:20.523698       1 main-controller.go:967] Deploying pool ss-0
I0225 02:56:20.534207       1 csr.go:73] Generating private key
I0225 02:56:20.534320       1 csr.go:86] Generating CSR with CN=*.minio-hl.minio.svc.cluster.local
I0225 02:56:20.543886       1 csr.go:217] Start polling for certificate of csr/minio-minio-csr, every 5s, timeout after 20m0s
I0225 02:56:25.547914       1 csr.go:242] Certificate successfully fetched, creating secret with Private key and Certificate
E0225 02:56:25.553823       1 main-controller.go:720] error syncing 'minio/minio': waiting for minio cert
I0225 02:57:20.550228       1 main-controller.go:967] Deploying pool ss-0
I0225 02:57:20.571487       1 csr.go:217] Start polling for certificate of csr/minio-console-minio-csr, every 5s, timeout after 20m0s
I0225 02:57:25.575419       1 csr.go:242] Certificate successfully fetched, creating secret with Private key and Certificate
E0225 02:57:25.581003       1 main-controller.go:720] error syncing 'minio/minio': waiting for console cert
I0225 02:58:20.580339       1 main-controller.go:967] Deploying pool ss-0
E0225 02:58:21.691524       1 main-controller.go:720] error syncing 'minio/minio': MinIO is not ready
E0225 02:59:21.660232       1 main-controller.go:720] error syncing 'minio/minio': MinIO is not ready
E0225 03:00:22.705820       1 main-controller.go:720] error syncing 'minio/minio': MinIO is not ready
E0225 03:01:23.761745       1 main-controller.go:720] error syncing 'minio/minio': MinIO is not ready
E0225 03:02:24.818903       1 main-controller.go:720] error syncing 'minio/minio': MinIO is not ready
E0225 03:03:25.873881       1 main-controller.go:720] error syncing 'minio/minio': MinIO is not ready

image

Warning | FailedMount | Unable to attach or mount volumes: unmounted volumes=[0], unattached volumes=[minio-tls default-token-kdqqh 0]: timed out waiting for the condition | a few seconds ago
-- | -- | -- | --
Warning | FailedMount | MountVolume.NewMounter initialization failed for volume "minio-kubenode2-data2" : path "/data2" does not exist | a minute ago
Warning | FailedMount | Unable to attach or mount volumes: unmounted volumes=[0], unattached volumes=[0 minio-tls default-token-kdqqh]: timed out waiting for the condition | 3 minutes ago
Warning | FailedMount | Unable to attach or mount volumes: unmounted volumes=[0 minio-tls default-token-zgn67], unattached volumes=[0 minio-tls default-token-zgn67]: timed out waiting for the condition | 11 minutes ago
Normal | Scheduled | Successfully assigned minio/minio-ss-0-0 to dev-kubenode2 | Invalid date


@bmoqimi
Copy link

bmoqimi commented Mar 22, 2021

I have the exact same issue. Let me know what extra input I can provide and I would be more than happy to oblige. My logs are frighteningly similar so I thought there is no point in spamming the thread.
@jaggerwang did you find any temporary workaround ?

@jaggerwang
Copy link
Author

@bmoqimi No, still waiting~

@bmoqimi
Copy link

bmoqimi commented Mar 23, 2021

Just tested this on 2.5.8-rc1 with latest k8s and it works fine.

@jaggerwang
Copy link
Author

Finally I got the reason. In a kubernetes cluster created by rancher, kubelet is running in a container, so it can not access host's filesystem. You need to add the following extra args for kubelet in cluster yaml.

    kubelet:
      extra_binds:
        - '/data1:/data1'
        - '/data2:/data2'
        - '/data3:/data3'

More on rancher's doc https://rancher.com/docs/rke/latest/en/config-options/services/services-extras/#extra-binds.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

6 participants