amazon-eksaws-fargateeksctl

problem to schedule pod in fargate with error "Pod not supported on Fargate: volumes not supported: dir-authentication not supported because:"


New to AWS EKS Fargate.

I created a cluster on aws EKS fargate and then proceed to install a helm chart; and the pods are all in pending state, looking at the pod description, I noticed there is some errors as

eksctl create cluster -f cluster-fargate.yaml


k -n bd describe pod bd-blackduck-authentication-6c8ff5cc85-jwr8m
Name:                 bd-blackduck-authentication-6c8ff5cc85-jwr8m
Namespace:            bd
Priority:             2000001000
Priority Class Name:  system-node-critical
Node:                 <none>
Labels:               app=blackduck
                      component=authentication
                      eks.amazonaws.com/fargate-profile=fp-bd
                      name=bd
                      pod-template-hash=6c8ff5cc85
                      version=2021.10.5
Annotations:          checksum/blackduck-config: 6c1796e5e4218c71ea2ae7a1249fefbb6f7c216f702ea38919a0bb9751b06922
                      checksum/postgres-config: f21777c0b5bf24b5535a5b4a8dbf98a5df9c9dd2f4a48e5219dcccf46301a982
                      kubernetes.io/psp: eks.privileged
Status:               Pending
IP:
IPs:                  <none>
Controlled By:        ReplicaSet/bd-blackduck-authentication-6c8ff5cc85
Init Containers:
  bd-blackduck-postgres-waiter:
    Image:      docker.io/blackducksoftware/blackduck-postgres-waiter:1.0.0
    Port:       <none>
    Host Port:  <none>
    Environment Variables from:
      bd-blackduck-config  ConfigMap  Optional: false
    Environment:
      POSTGRES_HOST:  <set to the key 'HUB_POSTGRES_HOST' of config map 'bd-blackduck-db-config'>  Optional: false
      POSTGRES_PORT:  <set to the key 'HUB_POSTGRES_PORT' of config map 'bd-blackduck-db-config'>  Optional: false
      POSTGRES_USER:  <set to the key 'HUB_POSTGRES_USER' of config map 'bd-blackduck-db-config'>  Optional: false
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-85q7d (ro)
Containers:
  authentication:
    Image:      docker.io/blackducksoftware/blackduck-authentication:2021.10.5
    Port:       8443/TCP
    Host Port:  0/TCP
    Limits:
      memory:  1Gi
    Requests:
      memory:  1Gi
    Liveness:  exec [/usr/local/bin/docker-healthcheck.sh https://127.0.0.1:8443/api/health-checks/liveness /opt/blackduck/hub/hub-authentication/security/root.crt /opt/blackduck/hub/hub-authentication/security/blackduck_system.crt /opt/blackduck/hub/hub-authentication/security/blackduck_system.key] delay=240s timeout=10s period=30s #success=1 #failure=10
    Environment Variables from:
      bd-blackduck-db-config  ConfigMap  Optional: false
      bd-blackduck-config     ConfigMap  Optional: false
    Environment:
      HUB_MAX_MEMORY:                              512m
      DD_ENABLED:                                  false
      HUB_MANAGEMENT_ENDPOINT_PROMETHEUS_ENABLED:  false
    Mounts:
      /opt/blackduck/hub/hub-authentication/ldap from dir-authentication (rw)
      /opt/blackduck/hub/hub-authentication/security from dir-authentication-security (rw)
      /tmp/secrets/HUB_POSTGRES_ADMIN_PASSWORD_FILE from db-passwords (rw,path="HUB_POSTGRES_ADMIN_PASSWORD_FILE")
      /tmp/secrets/HUB_POSTGRES_USER_PASSWORD_FILE from db-passwords (rw,path="HUB_POSTGRES_USER_PASSWORD_FILE")
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-85q7d (ro)
Conditions:
  Type           Status
  PodScheduled   False
Volumes:
  dir-authentication:
    Type:       PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
    ClaimName:  bd-blackduck-authentication
    ReadOnly:   false
  db-passwords:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  bd-blackduck-db-creds
    Optional:    false
  dir-authentication-security:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
    SizeLimit:  <unset>
  kube-api-access-85q7d:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   Burstable
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type     Reason            Age   From               Message
  ----     ------            ----  ----               -------
  Warning  FailedScheduling  58s   fargate-scheduler  Pod not supported on Fargate: volumes not supported: dir-authentication not supported because: PVC bd-blackduck-authentication not bound

my storageClass is currently set to gp2 in my values.yaml.

what can I do next to troubleshoot this?


Solution

  • Currently, Fargate does not support PersistentVolume back by EBS. You can use EFS instead.