Hashicorp 保险库 pods 处于待定状态
Hashicorp vault pods with pending status
我部署了具有 3 个副本的 hashicorp 保管库。 Pod vault-0 是 运行 但其他两个 pods 处于待处理状态。
enter image description here
这是我的覆盖 yaml,
# Vault Helm Chart Value Overrides
global:
enabled: true
tlsDisable: true
injector:
enabled: true
# Use the Vault K8s Image https://github.com/hashicorp/vault-k8s/
image:
repository: "hashicorp/vault-k8s"
tag: "0.9.0"
resources:
requests:
memory: 256Mi
cpu: 250m
limits:
memory: 256Mi
cpu: 250m
affinity: ""
server:
auditStorage:
enabled: true
standalone:
enabled: false
image:
repository: "hashicorp/vault"
tag: "1.6.3"
resources:
requests:
memory: 4Gi
cpu: 1000m
limits:
memory: 8Gi
cpu: 1000m
ha:
enabled: true
replicas: 3
raft:
enabled: true
setNodeId: true
config: |
ui = true
listener "tcp" {
tls_disable = true
address = "[::]:8200"
cluster_address = "[::]:8201"
}
storage "raft" {
path = "/vault/data"
}
service_registration "kubernetes" {}
config: |
ui = true
listener "tcp" {
tls_disable = true
address = "[::]:8200"
cluster_address = "[::]:8201"
}
service_registration "kubernetes" {}
# Vault UI
ui:
enabled: true
serviceType: "ClusterIP"
externalPort: 8200
kubectl describe 进入 pending 了吗 pods 可以看到如下状态信息。我不确定我是否在覆盖文件中添加了正确的关联设置。不确定我做错了什么。我正在使用 vault helm charts 部署到 docker 桌面本地集群。感谢任何帮助。
enter image description here
您的 values.yaml 文件中存在一些问题。
1.You 设置
server:
auditStorage:
enabled: true
但您没有指定 PVC 的创建方式以及存储 class 是什么。如果启用存储,图表希望您这样做。看看:https://github.com/hashicorp/vault-helm/blob/master/values.yaml#L446
如果您只是在本地机器上测试或指定存储配置,请将其设置为 false。
2.You 为注入器设置空关联变量,但不为服务器设置空关联变量。集
affinity: ""
服务器也是如此。看:https://github.com/hashicorp/vault-helm/blob/master/values.yaml#L347
3.An 未初始化和密封的 Vault 集群并不真正可用。您需要在 Vault 准备就绪之前对其进行初始化和解封。这意味着设置一个readinessProbe。像这样:
server:
readinessProbe:
path: "/v1/sys/health?standbyok=true&sealedcode=204&uninitcode=204"
4.Last 一个,但这是可选的。那些内存请求:
resources:
requests:
memory: 4Gi
cpu: 1000m
limits:
memory: 8Gi
cpu: 1000m
有点偏高。设置 3 个副本的 HA 集群,每个副本请求 4Gi 内存可能会导致 Insufficient memory 错误 - 最有可能在本地集群上部署时发生。
但话又说回来,你的本地机器可能有 32 GB 的内存——我不知道 ;) 如果没有,trim 降低那些以适应你的机器。
所以以下值对我有用:
# Vault Helm Chart Value Overrides
global:
enabled: true
tlsDisable: true
injector:
enabled: true
# Use the Vault K8s Image https://github.com/hashicorp/vault-k8s/
image:
repository: "hashicorp/vault-k8s"
tag: "0.9.0"
resources:
requests:
memory: 256Mi
cpu: 250m
limits:
memory: 256Mi
cpu: 250m
affinity: ""
server:
auditStorage:
enabled: false
standalone:
enabled: false
image:
repository: "hashicorp/vault"
tag: "1.6.3"
resources:
requests:
memory: 256Mi
cpu: 200m
limits:
memory: 512Mi
cpu: 400m
affinity: ""
readinessProbe:
enabled: true
path: "/v1/sys/health?standbyok=true&sealedcode=204&uninitcode=204"
ha:
enabled: true
replicas: 3
raft:
enabled: true
setNodeId: true
config: |
ui = true
listener "tcp" {
tls_disable = true
address = "[::]:8200"
cluster_address = "[::]:8201"
}
storage "raft" {
path = "/vault/data"
}
service_registration "kubernetes" {}
config: |
ui = true
listener "tcp" {
tls_disable = true
address = "[::]:8200"
cluster_address = "[::]:8201"
}
service_registration "kubernetes" {}
# Vault UI
ui:
enabled: true
serviceType: "ClusterIP"
externalPort: 8200
我部署了具有 3 个副本的 hashicorp 保管库。 Pod vault-0 是 运行 但其他两个 pods 处于待处理状态。 enter image description here
这是我的覆盖 yaml,
# Vault Helm Chart Value Overrides
global:
enabled: true
tlsDisable: true
injector:
enabled: true
# Use the Vault K8s Image https://github.com/hashicorp/vault-k8s/
image:
repository: "hashicorp/vault-k8s"
tag: "0.9.0"
resources:
requests:
memory: 256Mi
cpu: 250m
limits:
memory: 256Mi
cpu: 250m
affinity: ""
server:
auditStorage:
enabled: true
standalone:
enabled: false
image:
repository: "hashicorp/vault"
tag: "1.6.3"
resources:
requests:
memory: 4Gi
cpu: 1000m
limits:
memory: 8Gi
cpu: 1000m
ha:
enabled: true
replicas: 3
raft:
enabled: true
setNodeId: true
config: |
ui = true
listener "tcp" {
tls_disable = true
address = "[::]:8200"
cluster_address = "[::]:8201"
}
storage "raft" {
path = "/vault/data"
}
service_registration "kubernetes" {}
config: |
ui = true
listener "tcp" {
tls_disable = true
address = "[::]:8200"
cluster_address = "[::]:8201"
}
service_registration "kubernetes" {}
# Vault UI
ui:
enabled: true
serviceType: "ClusterIP"
externalPort: 8200
kubectl describe 进入 pending 了吗 pods 可以看到如下状态信息。我不确定我是否在覆盖文件中添加了正确的关联设置。不确定我做错了什么。我正在使用 vault helm charts 部署到 docker 桌面本地集群。感谢任何帮助。
enter image description here
您的 values.yaml 文件中存在一些问题。
1.You 设置
server:
auditStorage:
enabled: true
但您没有指定 PVC 的创建方式以及存储 class 是什么。如果启用存储,图表希望您这样做。看看:https://github.com/hashicorp/vault-helm/blob/master/values.yaml#L446 如果您只是在本地机器上测试或指定存储配置,请将其设置为 false。
2.You 为注入器设置空关联变量,但不为服务器设置空关联变量。集
affinity: ""
服务器也是如此。看:https://github.com/hashicorp/vault-helm/blob/master/values.yaml#L347
3.An 未初始化和密封的 Vault 集群并不真正可用。您需要在 Vault 准备就绪之前对其进行初始化和解封。这意味着设置一个readinessProbe。像这样:
server:
readinessProbe:
path: "/v1/sys/health?standbyok=true&sealedcode=204&uninitcode=204"
4.Last 一个,但这是可选的。那些内存请求:
resources:
requests:
memory: 4Gi
cpu: 1000m
limits:
memory: 8Gi
cpu: 1000m
有点偏高。设置 3 个副本的 HA 集群,每个副本请求 4Gi 内存可能会导致 Insufficient memory 错误 - 最有可能在本地集群上部署时发生。
但话又说回来,你的本地机器可能有 32 GB 的内存——我不知道 ;) 如果没有,trim 降低那些以适应你的机器。
所以以下值对我有用:
# Vault Helm Chart Value Overrides
global:
enabled: true
tlsDisable: true
injector:
enabled: true
# Use the Vault K8s Image https://github.com/hashicorp/vault-k8s/
image:
repository: "hashicorp/vault-k8s"
tag: "0.9.0"
resources:
requests:
memory: 256Mi
cpu: 250m
limits:
memory: 256Mi
cpu: 250m
affinity: ""
server:
auditStorage:
enabled: false
standalone:
enabled: false
image:
repository: "hashicorp/vault"
tag: "1.6.3"
resources:
requests:
memory: 256Mi
cpu: 200m
limits:
memory: 512Mi
cpu: 400m
affinity: ""
readinessProbe:
enabled: true
path: "/v1/sys/health?standbyok=true&sealedcode=204&uninitcode=204"
ha:
enabled: true
replicas: 3
raft:
enabled: true
setNodeId: true
config: |
ui = true
listener "tcp" {
tls_disable = true
address = "[::]:8200"
cluster_address = "[::]:8201"
}
storage "raft" {
path = "/vault/data"
}
service_registration "kubernetes" {}
config: |
ui = true
listener "tcp" {
tls_disable = true
address = "[::]:8200"
cluster_address = "[::]:8201"
}
service_registration "kubernetes" {}
# Vault UI
ui:
enabled: true
serviceType: "ClusterIP"
externalPort: 8200