Unable to mount volumes for pod on AKS

Question

I would like to use sonar-qube and deploy it on AKS (Azure Kubernetes). I want to store sonar logs, data, conf and extension on persistent volumes. However, it looks like AKS is not able to mount the volumes due to timeout.

I have build a single script that create volume + service + deployment and ingress. --> no success

I have tried to separate the volume creation from application creation and volume attachement --> no success

However, volumes are created and available on AZURE

Configuration :

• AKS version : 1.14.5
• Hardware types :Standard DS2 v2 (2 vcpus, 7 GiB memory)

Here is the scripts I use to create the volumes :

#Namespace creation
apiVersion: v1
kind: Namespace
metadata: 
  name: cicd
  labels: 
    name: cicd
---
#PVC for Sonar’s data directory creation
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: sonar-data
  namespace: cicd  
spec:
  accessModes:
  - ReadWriteOnce
  storageClassName: default
  resources:
    requests:
      storage: 5G
---
#PVC for Sonar’s conf directory
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: sonar-conf
  namespace: cicd  
spec:
  accessModes:
  - ReadWriteOnce
  storageClassName: default
  resources:
    requests:
      storage: 5Gi
---
#PVC for Sonar’s logs directory
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: sonar-logs
  namespace: cicd  
spec:
  accessModes:
  - ReadWriteOnce
  storageClassName: default
  resources:
    requests:
      storage: 10Gi
---
#PVC for Sonar’s extensions directory
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: sonar-extensions
  namespace: cicd  
spec:
  accessModes:
  - ReadWriteOnce
  storageClassName: default
  resources:
    requests:
      storage: 5Gi
---
#Create secretKeyRef

apiVersion: v1
kind: Secret
metadata:
  name: sonar-secret
  namespace: cicd
type: Opaque
data:
  password: *****************

Here is the script I use to create sonar :

#SonarQube deployment
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  labels:
    app: sonarqube
  name: sonarqube
  namespace: cicd
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: sonarqube
    spec:
      securityContext:
        runAsUser: 0
        fsGroup: 0    
      containers:
        - name: sonarqube
          image: sonarqube:latest
          resources:
            requests:
              cpu: 500m
              memory: 1024Mi
            limits:
              cpu: 2000m
              memory: 2048Mi
          volumeMounts:
          - mountPath: "/opt/sonarqube/data/"
            name: sonar-data
          - mountPath: "/opt/sonarqube/extensions/"
            name: sonar-extensions
          - mountPath: "/opt/sonarqube/logs/"
            name: sonar-logs
          - mountPath: "/opt/sonarqube/conf/"
            name: sonar-conf
          env:
          - name: "SONARQUBE_JDBC_USERNAME"
            value: "sonar"
          - name: "SONARQUBE_JDBC_URL"
            value: "jdbc:sqlserver://internal-sql-az-westeurope.database.windows.net:1433;databaseName=Sonar;user=SONARQUBE_JDBC_USERNAME;password=SONAR_SQL_LOGIN_PASSWORD"
          - name: "SONARQUBE_JDBC_PASSWORD"
            valueFrom:
              secretKeyRef:
                name: sonar-secret
                key: password
          ports:
          - containerPort: 9000
            protocol: TCP
      volumes:
      - name: sonar-data
        persistentVolumeClaim:
          claimName: sonar-data
      - name: sonar-extensions
        persistentVolumeClaim:
          claimName: sonar-extensions
      - name: sonar-logs
        persistentVolumeClaim:
          claimName: sonar-logs
      - name: sonar-conf
        persistentVolumeClaim:
          claimName: sonar-conf
---
# --------------
# Service Object
# --------------
apiVersion: v1
kind: Service
metadata:
  labels:
    name: sonarqube
  name: sonarqube-service
  namespace: cicd
spec:
  ports:
    - port: 80 # Default port for image
      protocol: TCP
  selector:
    name: sonarqube

# -----------------
# Ingress object
# -----------------
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: sonarqube-api-ingress
  namespace: cicd
  annotations:
    kubernetes.io/ingress.class: nginx
    #Default is 'true'
    #nginx.ingress.kubernetes.io/ssl-redirect: "false" 
    nginx.ingress.kubernetes.io/rewrite-target: /$1
    #https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md#whitelist-source-range
    nginx.ingress.kubernetes.io/whitelist-source-range: "******"    
spec:
  tls:
  - hosts:
    - sonar.traceparts.com
    secretName: aks-ingress-tls-star-traceparts-com 
  rules:
  - host: sonar.traceparts.com
    http:
      paths:     
      - backend:
          serviceName: sonarqube-service
          servicePort: 80
        path: /(.*)         

Can someone helps me to understand the issue?

Answer 1

I talked to the Azure support guy and he told me to run the following command. This command fixed my issue immediately.

az resource update --ids /subscriptions/<SUBSCRIPTION-ID>/resourcegroups/<RESOURCE-GROUP>/providers/Microsoft.ContainerService/managedClusters/<AKS-CLUSTER-NAME>/agentpools/<NODE-GROUP-NAME>

Answer 2

Actually, when you create the persistent volumes via the YAML file and mount the Azure disks to the nodes, you need to wait for a while, Azure needs some time to attach the disks to the nodes. So the first failure because of the disks does not attach to the nodes.

Just be painted and wait for a while, then take a check with the command:

kubectl describe pvc --namespace cicd

It shows like below:

By the way, when you create the AKS cluster, it's service principal already have the Contributor role of the resource group which the nodes in. So generally the permission is enough, at least for the persistent volumes.