kubernetes - 尝试将加密的 AWS EFS 与 EKS 中的 efs-csi-node 连接时出现挂载错误

Question

我尝试连接未加密的 EFS，它工作正常，但使用加密的 EFS，pod 抛出以下错误:

  Normal   Scheduled    10m                    default-scheduler                                     Successfully assigned default/jenkins-efs-test-8ffb4dc86-xnjdj to ip-10-100-4-249.ap-south-1.compute.internal
  Warning  FailedMount  6m33s (x2 over 8m49s)  kubelet, ip-10-100-4-249.ap-south-1.compute.internal  Unable to attach or mount volumes: unmounted volumes=[jenkins-home], unattached volumes=[sc-config-volume tmp jenkins-home jenkins-config secrets-dir plugins plugin-dir jenkins-efs-test-token-7nmkz]: timed out waiting for the condition
  Warning  FailedMount  4m19s                  kubelet, ip-10-100-4-249.ap-south-1.compute.internal  Unable to attach or mount volumes: unmounted volumes=[jenkins-home], unattached volumes=[plugins plugin-dir jenkins-efs-test-token-7nmkz sc-config-volume tmp jenkins-home jenkins-config secrets-dir]: timed out waiting for the condition
  Warning  FailedMount  2m2s                   kubelet, ip-10-100-4-249.ap-south-1.compute.internal  Unable to attach or mount volumes: unmounted volumes=[jenkins-home], unattached volumes=[tmp jenkins-home jenkins-config secrets-dir plugins plugin-dir jenkins-efs-test-token-7nmkz sc-config-volume]: timed out waiting for the condition
  Warning  FailedMount  35s (x13 over 10m)     kubelet, ip-10-100-4-249.ap-south-1.compute.internal  MountVolume.SetUp failed for volume "efs-pv" : kubernetes.io/csi: mounter.SetupAt failed: rpc error: code = Internal desc = Could not mount "" at "/var/lib/kubelet/pods/354800a1-dcf5-4812-aa91-0e84ca6fba59/volumes/kubernetes.io~csi/efs-pv/mount": mount failed: exit status 1
Mounting command: mount
Mounting arguments: -t efs /var/lib/kubelet/pods/354800a1-dcf5-4812-aa91-0e84ca6fba59/volumes/kubernetes.io~csi/efs-pv/mount
Output: mount: /var/lib/kubelet/pods/354800a1-dcf5-4812-aa91-0e84ca6fba59/volumes/kubernetes.io~csi/efs-pv/mount: can't find in /etc/fstab.

我在这里想念什么？

Answer 1

您没有指定 K8s list 是什么或任何配置。 There shouldn't be any difference between encrypted and non-encrypted volumes when it comes to mounting from the client-side .本质上，AWS 使用 KMS 为您管理加密 key 。 .
您看到的错误基本上是因为 the mount command is not specifying the mount point因此，在使用未加密的 EFS 卷时，您必须更改 K8s 方面的其他一些默认配置。另外，EFS Mount helper在您尝试挂载 EFS 卷的 Kubernetes 节点上可用？
✌️