Issue with mounting GCP Cloud Volume SMB share on Windows nodes

Question

Issue with mounting GCP Cloud Volume SMB share on Windows nodes

mykkry3412 opened this issue a year ago · comments

What happened:

Suddenly our GKE Pods on Windows nodes have been failed to start with the following issue with mount GCP Cloud Volume SMB share:

MountVolume.MountDevice failed for volume "pv-smb" : rpc error: code = Internal desc = volume(xxx-xxxxx-xxx.example.iext/volume) mount "//xxx-xxxxx-xxx.example.iext/volume" on "\var\lib\kubelet\plugins\kubernetes.io\csi\smb.csi.k8s.io\8e971e40206b1bbce3ef5b1737ab3beeb84c1487f148907e7a43fd9985262c12\globalmount" failed with NewSmbGlobalMapping(\xxx-xxxxx-xxx.example.iext/volume, c:\var\lib\kubelet\plugins\kubernetes.io\csi\smb.csi.k8s.io\8e971e40206b1bbce3ef5b1737ab3beeb84c1487f148907e7a43fd9985262c12\globalmount) failed with error: rpc error: code = Unknown desc = NewSmbGlobalMapping failed. output: "New-SmbGlobalMapping : We can't sign you in with this credential because your domain isn't available. Make sure your \r\ndevice is connected to your organization's network and try again. If you previously signed in on this device with \r\nanother credential, you can sign in with that credential. \r\nAt line:1 char:190\r\n+ ... ser, $PWord;New-SmbGlobalMapping -RemotePath $Env:smbremotepath -Cred ...\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : NotSpecified: (MSFT_SmbGlobalMapping:ROOT/Microsoft/...mbGlobalMapping) [New-SmbGlobalMa \r\n pping], CimException\r\n + FullyQualifiedErrorId : Windows System Error 1311,New-SmbGlobalMapping\r\n \r\n", err: exit status 1

What you expected to happen:
Pods spun up with no issue mounting SMB Volume

How to reproduce it:
We can't reproduce this issue.

Anything else we need to know?:
We tried to create a separate user and replace it in CVS AD connection and then in k8s secret, however the issue still persists. I've tried to mount this SMB volume from within Windows node with NewSmbGlobalMapping powershell cmdlet as well, getting the same error.
We set GCP Cloud DNS forwarding zone and from the GKE cluster it points to the correct DC DNS server.
Environment:

CSI Driver version: v1.10.0
Kubernetes version (use kubectl version): 1.25, GKE v1.25.8-gke.500
OS (e.g. from /etc/os-release): Windows Server 2019 Datacenter
Kernel (e.g. uname -a):
Install tools:
Others:

Andy Zhang · Answer 1 · Wed May 24 2023 15:00:14 GMT+0800 (China Standard Time)

it said We can't sign you in with this credential because your domain isn't available

mykkry3412 · Answer 2 · Wed May 24 2023 15:30:01 GMT+0800 (China Standard Time)

@andyzhangx , yeah we checked connectivity to our DC and DNS discovery, also validated user credentials. Any thoughts?

Andy Zhang · Answer 3 · Wed May 24 2023 15:34:15 GMT+0800 (China Standard Time)

@lizhuqi any thoughts on this?

Julie Qi · Answer 4 · Thu May 25 2023 04:50:56 GMT+0800 (China Standard Time)

@lizhuqi any thoughts on this?

Add Matt

@mattcary