Labs - Authentication

JohnWrightUK · February 9, 2021, 1:11pm

Looks like there’s a problem with this lab. Even when using the solutions, I am getting the same error.

Step Ten
Type Reason Age From Message

Warning ProvisioningFailed 5s (x5 over 60s) persistentvolume-controller Failed to provision volume with StorageClass “px-secure-sc”: rpc error: code = Unauthenticated desc = Request unauthenticated with bearer

sensre · February 10, 2021, 1:46am

I am not sure about your lab env, but based on persistentvolume-controller message adding the below a comment.
The portworx pvc controller’s role is to handle the create and delete the PVCs from Kubernetes and forward the request to the Portworx API.On most clusters, this is handled by the built-in controller manager that ships with Kubernetes. This is because we have a native driver in Kubernetes.Additional deployment of portworx-pvc-controller is needed in either of below 2 cases

When the built-in controller manager is running on an isolated network: This is mostly seen in hosted installs like GKE on cloud, AKS etc where master nodes run on a different network. We also saw onprem Openshift 3.11 install master on an isolated network. Since the built-in controller manager runs on the master nodes, it cannot reach the Portworx API to create and delete volumes. And hence one needs to deploy it on the worker nodes
When Portworx is not installed in kube-system namespace: The PVC controller only looks like the portworx-service in the kube-system namespace by default. So if Portworx is not installed in the kube-system namespace, it needs to be additionally deployed on the worker nodes. When running on the worker nodes, it will also attempt to talk to Portworx locally on the node where it’s running.

Note: Change the Kubernetes version in the URL matching to your cluster k8s version: and they try to install and redeploy your applications. https://install.portworx.com/?comp=pvc-controller&kbver=1.17.4

Let me know, how it goes.

rwallner · February 10, 2021, 11:33am

I will take a look at this lab today to make sure it’s working correctly. Stay tuned.

Ryan_Wallner · February 10, 2021, 9:24pm

@JohnWrightUK I was able to run through this lab today without issue. Let me walk through the steps I took so you can compare against your steps.

Makes sure and edit the portworx deamonset. Note the jwt issuer and example domain as well as the new environment variables.

Then also make sure to edit the stork deployment, note the new environment variable.

Then once your portworx pods are all healthy, produce the token and create the secret

Then your secure PVC should work.

Hope this helps.

JohnWrightUK · February 11, 2021, 9:27am

Hi,

This looks to be working now. I think the instructions for Step 3 and Step 8 (potentially) have changed from when I posted this originally.

I wrongly combined the edits of the daemonset and deployment:

kubectl -n kube-system get ds portworx -o yaml > /root/px-spec.yaml

I made all the changes to this px-spec.yaml and applied them. I should have made seperate edits to the ds and deployment.

Thanks for the update on this!

Cheers.

Ryan_Wallner · February 11, 2021, 3:03pm

No Problem!

Yes, we tried to improve the language in the lab as well given your feedback.

Regards,
Ryan

Topic		Replies	Views
Persistentvolume-controller Failed Error Message Portworx Volumes	0	1007	February 10, 2021
Why and When you need portworx pvc-controller to be deployed Portworx Install install , pvc	1	1533	February 15, 2023
PVC stuck in pending because of i/o timeout during PVC provisioning Portworx on Kubernetes pvc	6	3221	October 11, 2022
Create PVC Fails with KVDB Connection Failed Message Portworx Essentials	0	680	November 9, 2021
PersistentVolumeClaim Failed to provision volume with StorageClass "px-storageclass" Portworx on Kubernetes	1	962	July 10, 2019

Labs - Authentication

Related topics