Kubernetes 1.20.5 Lab Notes: Volumes and Data Persistence (Ceph RBD PV & PVC)
1.1 Ceph RBD PV&PVC
1.1.1 Static provisioning
1. Configure the Ceph cluster:
(omitted)
2. Create the storage pool:
ceph osd pool create cephpool 128
3. Create the block device image:
rbd create --size 1024 cephpool/cephimage --image-feature layering
4. List the images:
rbd list cephpool
5. Show the image information:
rbd info cephpool/cephimage
6. Get the keyring value of client.admin:
ceph auth get-key client.admin | base64
QVFCQVg4bGdlb0RrR2hBQUtFNDg2ZS8rRkVySVFMc3NmNUhmVXc9PQ==
7. Install ceph-common on the worker nodes:
yum -y install ceph-common
8. Create the Secret:
The key field in the Secret is the base64 encoding of the client.admin keyring value.
File cephrbd-static-secret.yaml:
apiVersion: v1
kind: Secret
metadata:
  name: cephrbd-static-secret
type: kubernetes.io/rbd
data:
  key: QVFCQVg4bGdlb0RrR2hBQUtFNDg2ZS8rRkVySVFMc3NmNUhmVXc9PQ==
kubectl apply -f cephrbd-static-secret.yaml
9. View the Secret:
kubectl get secret
10. Create the PV:
File cephrbd-static-pv.yaml:
apiVersion: v1
kind: PersistentVolume
metadata:
  name: cephrbd-static-pv
spec:
  capacity:
    storage: 1Gi
  accessModes:
    - ReadWriteOnce
  storageClassName: rbd
  rbd:
    monitors:
      - 192.168.0.100:6789
    pool: cephpool
    image: cephimage
    user: admin
    secretRef:
      name: cephrbd-static-secret
    fsType: xfs
    readOnly: false
  # Note: Kubernetes implements the Recycle policy only for NFS and hostPath volumes.
  persistentVolumeReclaimPolicy: Recycle
kubectl apply -f cephrbd-static-pv.yaml
11. Check the PV status:
kubectl get pv
12. Create the PVC:
File cephrbd-static-pvc.yaml:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: cephrbd-static-pvc
spec:
  storageClassName: rbd
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
kubectl apply -f cephrbd-static-pvc.yaml
13. Check the PVC status:
kubectl get pvc
14. Create the Pod:
File cephrbd-static-pod.yaml:
apiVersion: v1
kind: Pod
metadata:
  name: cephrbd-static-pod
spec:
  containers:
    - name: cephrbd-static-pod
      image: busybox
      args:
        - /bin/sh
        - -c
        - sleep 3000
      volumeMounts:
        - name: data
          mountPath: /data
          readOnly: false
  volumes:
    - name: data
      persistentVolumeClaim:
        claimName: cephrbd-static-pvc
kubectl apply -f cephrbd-static-pod.yaml
15. Check the Pod status:
kubectl get pod -o wide
16. Check the mount inside the Pod:
kubectl exec -it cephrbd-static-pod -- sh
17. Delete the Pod:
kubectl delete -f cephrbd-static-pod.yaml
18. Delete the PVC:
kubectl delete -f cephrbd-static-pvc.yaml
or
kubectl delete pvc cephrbd-static-pvc
19. Delete the PV:
kubectl delete -f cephrbd-static-pv.yaml
or
kubectl delete pv cephrbd-static-pv
20. Delete the Secret:
kubectl delete -f cephrbd-static-secret.yaml
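Step 8 stores the keyring value base64-encoded in data.key, and the value printed by ceph auth get-key is itself base64 text, so a well-formed field decodes twice and is only encoded, not encrypted. The following is an added example (not part of the original lab notes) that classifies a data.key value and catches the usual encoding mistakes; the 12-byte key header layout and the sample key are assumptions constructed for the illustration.

```python
import base64
import struct

# Assumed cephx key header: u16 type, u32 created sec, u32 created nsec, u16 secret length
HEADER = struct.Struct("<HIIH")

def is_cephx_blob(raw: bytes) -> bool:
    """True if raw looks like a binary cephx key (type 1 = AES)."""
    if len(raw) <= HEADER.size:
        return False
    key_type, _sec, _nsec, secret_len = HEADER.unpack_from(raw)
    return key_type == 1 and secret_len == len(raw) - HEADER.size

def check_rbd_secret_value(data_key: str) -> str:
    """Classify the data.key field of a kubernetes.io/rbd Secret."""
    try:
        outer = base64.b64decode(data_key, validate=True)
    except ValueError:
        return "not-base64"
    if is_cephx_blob(outer):
        return "raw-key-in-data"       # key pasted without the extra base64 step
    if outer != outer.strip():
        return "stray-whitespace"      # e.g. `echo KEY | base64` appends a newline
    try:
        inner = base64.b64decode(outer, validate=True)
    except ValueError:
        return "not-a-ceph-key"
    return "ok" if is_cephx_blob(inner) else "not-a-ceph-key"

def make_sample_key() -> str:
    """Constructed key in `ceph auth get-key` form; the secret bytes are 00..0f."""
    blob = HEADER.pack(1, 1623800000, 0, 16) + bytes(range(16))
    return base64.b64encode(blob).decode()

if __name__ == "__main__":
    key = make_sample_key()
    good = base64.b64encode(key.encode()).decode()
    newline = base64.b64encode((key + "\n").encode()).decode()
    for label, value in [("good", good), ("raw", key), ("newline", newline)]:
        print(label, check_rbd_secret_value(value))
```

Anyone who can read the Secret object or the manifest file can recover the Ceph key the same way, so both need the access controls of the key itself.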
1.1.2 Dynamic provisioning
1. Configure the Ceph cluster:
(omitted)
2. Create the storage pool:
ceph osd pool create cephpool 128
3. List the storage pools:
ceph osd pool ls
4. Create the Ceph user that Kubernetes uses to access Ceph:
ceph auth get-or-create client.kube mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=cephpool' -o ceph.client.kube.keyring
5. Get the keyring values of client.admin and client.kube:
ceph auth get-key client.admin | base64
QVFCQVg4bGdlb0RrR2hBQUtFNDg2ZS8rRkVySVFMc3NmNUhmVXc9PQ==
ceph auth get-key client.kube | base64
QVFCZ2RNbGcrNkRzSXhBQVhqT2ZDV0FwYnhoYXBzU29qQzFXWFE9PQ==
6. Disable the RemoveSelfLink feature gate (required on 1.20.x):
Edit /etc/kubernetes/manifests/kube-apiserver.yaml
Add - --feature-gates=RemoveSelfLink=false
7. Install ceph-common on the worker nodes:
yum -y install ceph-common
8. Create the rbd provisioner and its supporting configuration:
Files in the RBAC folder:
serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: rbd-provisioner
role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: rbd-provisioner
rules:
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get"]
  - apiGroups: [""]
    resources: ["endpoints"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: rbd-provisioner
subjects:
  - kind: ServiceAccount
    name: rbd-provisioner
roleRef:
  kind: Role
  name: rbd-provisioner
  apiGroup: rbac.authorization.k8s.io
clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: rbd-provisioner
rules:
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "create", "delete"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["create", "update", "patch"]
  - apiGroups: [""]
    resources: ["services"]
    resourceNames: ["kube-dns","coredns"]
    verbs: ["list", "get"]
  - apiGroups: [""]
    resources: ["endpoints"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: rbd-provisioner
subjects:
  - kind: ServiceAccount
    name: rbd-provisioner
    namespace: default
roleRef:
  kind: ClusterRole
  name: rbd-provisioner
  apiGroup: rbac.authorization.k8s.io
deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: rbd-provisioner
spec:
  replicas: 1
  selector:
    matchLabels:
      app: rbd-provisioner
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: rbd-provisioner
    spec:
      serviceAccount: rbd-provisioner
      containers:
        - name: rbd-provisioner
          image: "quay.io/external_storage/rbd-provisioner:latest"
          env:
            - name: PROVISIONER_NAME
              value: ceph.com/rbd
kubectl apply -f RBAC/
9. Check the Pod status:
kubectl get pod -o wide
10. Create the Secrets:
The key fields in the Secrets are the base64 encodings of the client.admin and client.kube keyring values.
File cephrbd-dynamic-secret.yaml:
apiVersion: v1
kind: Secret
metadata:
  name: cephrbd-dynamic-admin-secret
type: kubernetes.io/rbd
data:
  key: QVFCQVg4bGdlb0RrR2hBQUtFNDg2ZS8rRkVySVFMc3NmNUhmVXc9PQ==
---
apiVersion: v1
kind: Secret
metadata:
  name: cephrbd-dynamic-kube-secret
type: kubernetes.io/rbd
data:
  key: QVFCZ2RNbGcrNkRzSXhBQVhqT2ZDV0FwYnhoYXBzU29qQzFXWFE9PQ==
kubectl apply -f cephrbd-dynamic-secret.yaml
11. View the Secrets:
kubectl get secret
12. Create the StorageClass:
File cephrbd-storageclass.yaml:
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: cephrbd-storageclass
provisioner: ceph.com/rbd
parameters:
  monitors: 192.168.0.100:6789
  adminId: admin
  adminSecretName: cephrbd-dynamic-admin-secret
  pool: cephpool
  userId: kube
  userSecretName: cephrbd-dynamic-kube-secret
  fsType: ext4
  imageFormat: "2"
  imageFeatures: "layering"
kubectl apply -f cephrbd-storageclass.yaml
13. View the StorageClass:
kubectl get storageclass
14. Create the PVC:
File cephrbd-dynamic-pvc.yaml:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: cephrbd-dynamic-pvc
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: cephrbd-storageclass
  resources:
    requests:
      storage: 1Gi
kubectl apply -f cephrbd-dynamic-pvc.yaml
15. Check the PVC status:
kubectl get pvc
16. Check the PV status:
kubectl get pv
17. List the images in the Ceph cluster:
rbd list cephpool
18. Show the image information in the Ceph cluster:
rbd info cephpool/kubernetes-dynamic-pvc-708c1657-ce57-11eb-a208-26db87b01b5e
19. Create the Pod:
File cephrbd-dynamic-pod.yaml:
apiVersion: v1
kind: Pod
metadata:
  name: cephrbd-dynamic-pod
spec:
  containers:
    - name: cephrbd-dynamic-pod
      image: busybox
      args:
        - /bin/sh
        - -c
        - sleep 3000
      volumeMounts:
        - name: data
          mountPath: /data
          readOnly: false
  volumes:
    - name: data
      persistentVolumeClaim:
        claimName: cephrbd-dynamic-pvc
kubectl apply -f cephrbd-dynamic-pod.yaml
20. Check the Pod status:
kubectl get pod -o wide
21. Check the mount inside the Pod:
kubectl exec -it cephrbd-dynamic-pod -- sh
22. Delete the Pod:
kubectl delete -f cephrbd-dynamic-pod.yaml
23. Delete the PVC:
kubectl delete -f cephrbd-dynamic-pvc.yaml
or
kubectl delete pvc cephrbd-dynamic-pvc
24. Delete the StorageClass:
kubectl delete -f cephrbd-storageclass.yaml
25. Delete the Secrets:
kubectl delete -f cephrbd-dynamic-secret.yaml
26. Delete the rbd provisioner and its supporting configuration:
kubectl delete -f RBAC/
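The static PV in 1.1.1 maps the image with user: admin, while the StorageClass in 1.1.2 separates adminId (used to create images) from userId: kube (used to map them on the nodes). As an added example (not part of the original lab notes), this Python check flags RBD volumes whose node-side identity is the Ceph admin. The JSON is a constructed sample modelled on the manifests above, and the check assumes the external ceph.com/rbd provisioner applies the same parameter defaults as the in-tree kubernetes.io/rbd one.

```python
import json

# Constructed sample shaped like `kubectl get pv,storageclass -o json`,
# reduced to the fields read below; names follow the manifests on this page.
SAMPLE = json.loads("""
{"items": [
  {"kind": "PersistentVolume", "metadata": {"name": "cephrbd-static-pv"},
   "spec": {"rbd": {"pool": "cephpool", "image": "cephimage", "user": "admin",
                    "secretRef": {"name": "cephrbd-static-secret"}}}},
  {"kind": "StorageClass", "metadata": {"name": "cephrbd-storageclass"},
   "provisioner": "ceph.com/rbd",
   "parameters": {"adminId": "admin", "userId": "kube",
                  "adminSecretName": "cephrbd-dynamic-admin-secret",
                  "userSecretName": "cephrbd-dynamic-kube-secret"}}
]}
""")

def audit_rbd_identities(items):
    """Return (kind, name, finding) for RBD volumes that nodes map as admin."""
    findings = []
    for obj in items:
        kind, name = obj.get("kind"), obj["metadata"]["name"]
        if kind == "PersistentVolume" and "rbd" in obj.get("spec", {}):
            rbd = obj["spec"]["rbd"]
            # The in-tree rbd volume source uses "admin" when user is unset.
            if rbd.get("user", "admin") == "admin":
                findings.append((kind, name, "mounted as client.admin"))
        elif kind == "StorageClass" and obj.get("provisioner", "").endswith("/rbd"):
            p = obj.get("parameters", {})
            admin_id = p.get("adminId", "admin")
            # userId falls back to adminId when it is not set.
            if p.get("userId", admin_id) == admin_id:
                findings.append((kind, name, "userId equals adminId"))
            user_secret = p.get("userSecretName")
            if user_secret and user_secret == p.get("adminSecretName"):
                findings.append((kind, name, "user and admin share one Secret"))
    return findings

if __name__ == "__main__":
    for finding in audit_rbd_identities(SAMPLE["items"]):
        print(*finding, sep=": ")
```

On the sample, only cephrbd-static-pv is reported; the StorageClass passes because its userId is the restricted client.kube created in step 4 of 1.1.2.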