TechQA.

VerneMQ in Kubernetes with persistent volume claim is throwing Forbidden: may not specify more than 1 volume type

445 views Asked by At

Unable to create Verne MQ pod in AWS EKS cluster with persistent volume claim for authentication and SSL. Below is my yaml file:

---
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: vernemq-storage
provisioner: kubernetes.io/aws-ebs
parameters:
  type: gp2
reclaimPolicy: Retain
mountOptions:
  - debug
volumeBindingMode: Immediate
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: verne-aws-pv
spec:
  accessModes:
  - ReadWriteOnce
  awsElasticBlockStore:
    fsType: xfs
    volumeID: aws://ap-south-1a/vol-xxxxx
  capacity:
    storage: 1Gi
  persistentVolumeReclaimPolicy: Retain
  storageClassName: vernemq-storage
  volumeMode: Filesystem
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  labels:
    app: mysql
  name: verne-aws-pvc
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
  storageClassName: gp2-retain
  volumeMode: Filesystem
  volumeName: verne-aws-pv
--- 
apiVersion: apps/v1
kind: StatefulSet
metadata: 
  name: vernemq
spec: 
  replicas: 1
  selector: 
    matchLabels: 
      app: vernemq
  serviceName: vernemq
  template: 
    metadata: 
      labels: 
        app: vernemq
    spec:
      serviceAccountName: vernemq
      terminationGracePeriodSeconds: 200
      containers:
      - name: vernemq
        image: vernemq/vernemq:latest
        imagePullPolicy: Always
        lifecycle:
          preStop:
            exec:
              command:
              - /bin/bash
              - -c
              - /usr/sbin/vmq-admin cluster leave node=VerneMQ@${MY_POD_NAME}.vernemq.${DOCKER_VERNEMQ_KUBERNETES_NAMESPACE}.svc.cluster.local ; sleep 60 ; /usr/sbin/vmq-admin cluster leave node=VerneMQ@${MY_POD_NAME}.vernemq.${DOCKER_VERNEMQ_KUBERNETES_NAMESPACE}.svc.cluster.local -k; sleep 60;
        ports:
        - containerPort: 1883
          name: mqtt
          hostPort: 1883
        - containerPort: 8883
        - containerPort: 4369
          name: epmd
        - containerPort: 44053
          name: vmq
        - containerPort: 8888
          name: health
        - containerPort: 9100
        - containerPort: 9101
        - containerPort: 9102
        - containerPort: 9103
        - containerPort: 9104
        - containerPort: 9105
        - containerPort: 9106
        - containerPort: 9107
        - containerPort: 9108
        - containerPort: 9109
        - containerPort: 8888
        resources:
          limits:
            cpu: "2"
            memory: 3Gi
          requests:
            cpu: "1"
            memory: 1Gi
        env:
        - name: DOCKER_VERNEMQ_ACCEPT_EULA
          value: "yes"
        - name: MY_POD_NAME
          valueFrom:
           fieldRef:
             fieldPath: metadata.name
        - name: DOCKER_VERNEMQ_DISCOVERY_KUBERNETES
          value: "1"
        - name: DOCKER_VERNEMQ_KUBERNETES_APP_LABEL
          value: "vernemq"
        - name: DOCKER_VERNEMQ_KUBERNETES_NAMESPACE
          valueFrom:
           fieldRef:
             fieldPath: metadata.namespace
        - name: DOCKER_VERNEMQ_ERLANG__DISTRIBUTION__PORT_RANGE__MINIMUM
          value: "9100"
        - name: DOCKER_VERNEMQ_ERLANG__DISTRIBUTION__PORT_RANGE__MAXIMUM
          value: "9109"
        - name: DOCKER_VERNEMQ_ALLOW_ANONYMOUS
          value: "on"
        - name:  DOCKER_VERNEMQ_LISTENER__TCP__DEFAULT
          value: "0.0.0.0:1883"
        - name: DOCKER_VERNEMQ_VMQ_WEBHOOKS__POOL_timeout
          value: "6000"
        - name: DOCKER_VERNEMQ_LISTENER__HTTP__DEFAULT
          value: "0.0.0.0:8888"
        - name: DOCKER_VERNEMQ_LISTENER__MAX_CONNECTIONS
          value: "infinity"
        - name: DOCKER_VERNEMQ_LISTENER__NR_OF_ACCEPTORS
          value: "10000"
        - name: DOCKER_VERNEMQ_MAX_INFLIGHT_MESSAGES
          value: "0"
        - name:  DOCKER_VERNEMQ_ALLOW_MULTIPLE_SESSIONS
          value: "off"
        - name: DOCKER_VERNEMQ_ALLOW_REGISTER_DURING_NETSPLIT
          value: "on"
        - name: DOCKER_VERNEMQ_ALLOW_PUBLISH_DURING_NETSPLIT
          value: "on"
        - name: DOCKER_VERNEMQ_ALLOW_SUBSCRIBE_DURING_NETSPLIT
          value: "on"
        - name: DOCKER_VERNEMQ_ALLOW_UNSUBSCRIBE_DURING_NETSPLIT
          value: "on"
        - name: DOCKER_VERNEMQ_VMQ_PASSWD__PASSWORD_FILE
          value: "/etc/vernemq/vmq.passwd"
        - name: DOCKER_VERNEMQ_LISTENER__SSL__DEFAULT
          value: "0.0.0.0:8883"
        - name: DOCKER_VERNEMQ_LISTENER__SSL__CAFILE
          value: "/etc/ssl/ca.crt"
        - name: DOCKER_VERNEMQ_LISTENER__SSL__CERTFILE
          value: "/etc/ssl/server.crt"
        - name: DOCKER_VERNEMQ_LISTENER__SSL__KEYFILE
          value: "/etc/ssl/server.key"
        volumeMounts:
        - mountPath: /etc/ssl
          name: vernemq-certifications
          readOnly: true
        - mountPath: /etc/vernemq-passwd
          name: vernemq-passwd
          readOnly: true
      volumes:
      - name: vernemq-certifications
        persistentVolumeClaim:
          claimName: verne-aws-pvc
        secret:
          secretName: vernemq-certifications
      - name: vernemq-passwd
        persistentVolumeClaim:
          claimName: verne-aws-pvc
        secret:
          secretName: vernemq-passwd
---
apiVersion: v1
kind: Service
metadata:
  name: vernemq
  labels:
    app: vernemq
spec:
  clusterIP: None
  selector:
    app: vernemq
  ports:
  - port: 4369
    name: empd
  - port: 44053
    name: vmq
---
apiVersion: v1
kind: Service
metadata:
  name: mqtt
  labels:
    app: mqtt
spec:
  type: LoadBalancer
  selector:
    app: vernemq
  ports:
  - name: mqtt
    port: 1883
    targetPort: 1883
  - name: health
    port: 8888
    targetPort: 8888
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: vernemq
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: endpoint-reader
rules:
- apiGroups: ["", "extensions", "apps"]
  resources: ["endpoints", "deployments", "replicasets", "pods", "statefulsets", "persistentvolumeclaims"]
  verbs: ["get", "patch", "list", "watch", "delete"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: endpoint-reader
subjects:
- kind: ServiceAccount
  name: vernemq
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: endpoint-reader

Created an AWS EBS volume in the same region and subnet as in the node group and added it to the persistent volume storage.

Pod is not getting created instead when we do kubectl describe statefulset vernemq getting below error:

  Volumes:
   vernemq-certifications:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  vernemq-certifications
    Optional:    false
   vernemq-passwd:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  vernemq-passwd
    Optional:    false
Volume Claims:   <none>
Events:
  Type     Reason        Age                  From                    Message
  ----     ------        ----                 ----                    -------
  Warning  FailedCreate  2m2s (x5 over 2m2s)  statefulset-controller  create Pod vernemq-0 in StatefulSet vernemq failed error: pods "vernemq-0" is forbidden: error looking up service account default/vernemq: serviceaccount "vernemq" not found
  Warning  FailedCreate  40s (x10 over 2m2s)  statefulset-controller  create Pod vernemq-0 in StatefulSet vernemq failed error: Pod "vernemq-0" is invalid: [spec.volumes[0].persistentVolumeClaim: Forbidden: may not specify more than 1 volume type, spec.volumes[1].persistentVolumeClaim: Forbidden: may not specify more than 1 volume type, spec.containers[0].volumeMounts[0].name: Not found: "vernemq-certifications", spec.containers[0].volumeMounts[1].name: Not found: "vernemq-passwd"]
kubernetes amazon-eks mqtt-vernemq
Original Q&A
0

There are 0 answers

Related Questions in KUBERNETES

Related Questions in AMAZON-EKS

Related Questions in MQTT-VERNEMQ

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions