k8s使用ceph做pv存储

发表于 |

前提

以下教程,适合controller-manager可以执行ceph命令的kubernetes集群:如,controller-manager是用systemd启动的,如果是controller-manager运行于docker中,镜像里包含ceph。
否则,请参考这里这里

配置ceph

首先创建存储pv用的存储池

1
ceph osd pool create kube 64

创建访问数据的普通用户client.kube

1
ceph auth get-or-create client.kube mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=kube' -o ceph.client.kube.keyring

给池打个标签,说明是用于rbd块存储(不是必须的,老板本的ceph也不支持)

1
ceph osd pool application enable kube rbd

k8s配置storageclass

创建admin的secret

1
2
3
4
5
6
7
8
apiVersion: v1
data:
  key: QVFERTNicGJ0ZzhtSnhBQTQyaUJONXpvejhYRXpRZldjRy91SEE9PQ==
kind: Secret
metadata:
  name: ceph-secret-admin
  namespace: kube-system
type: kubernetes.io/rbd

key,由

1
ceph auth get-key client.admin |base64

来获取

创建普通用户的secret

需要每个去挂载pv的namespace都创建

1
2
3
4
5
6
7
8
apiVersion: v1
data:
  key: QVFBdVQ3eGJOcXZ3Q0JBQVNodDFaRWNJWTJtdXVaR2V0Z2xSSlE9PQ==
kind: Secret
metadata:
  name: ceph-secret-user
  namespace: test
type: kubernetes.io/rbd

key由

1
ceph auth get-key client.kube |base64

获取

创建StorageClass配置

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: rbd
provisioner: kubernetes.io/rbd
parameters:
  monitors: 10.168.136.188:6789
  adminId: admin
  adminSecretName: ceph-secret-admin
  adminSecretNamespace: kube-system
  pool: kube
  userId: kube
  userSecretName: ceph-secret-user
  imageFormat: "2"
  imageFeatures: "layering"

Monitors ceph mon的地址 参考自己集群里/etc/ceph/ceph.conf 的配置
adminId pool userId 根据自己集群的状况填写。
adminSecretName adminSecretNamespace userSecretName 和上面的secret创建的一致。

注意provisioner 字段,如果是controller-manager可以执行ceph命令,则是 kubernetes.io/rbd

如果是不满足条件,需要配置为 provisioner: ceph.com/rbd ,并且配置 ceph的external provision,需要部署个deployment,配置rbac相关的角色等,具体参考前面提到的github地址

测试

测试创建pvc

1
2
3
4
5
6
7
8
9
10
11
12
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: rbd-test-pvc
  namespace: test
spec:
  accessModes:     
     - ReadWriteOnce
  storageClassName: rbd
  resources:
     requests:
       storage: 100Mi

测试的pod

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
apiVersion: v1
kind: Pod
metadata:
  name: nginx-pod1
  labels:
     name: nginx-pod1
  namespace: test
spec:
  tolerations:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
      containers:
  - name: nginx-pod1
    image: 10.168.136.193:5000/nginx:1.15.5-alpine
    ports:
    - name: web
      containerPort: 80
      volumeMounts:
    - name: ceph-rdb
      mountPath: /usr/share/nginx/html
      volumes:
  - name: ceph-rdb
    persistentVolumeClaim:
      claimName: rbd-test-pvc

用kubectl apply -f ./*.yaml 执行

检查

检查相应的k8s对象

1
2
3
kubectl get pods -n test -o wide
kubectl get pvc -n test
kubectl get pv

在pod被调度的主机上 检查挂载

1
mount |head