Chapter 1: Installing Rook
For Rook versions later than 1.3, do not create the cluster on a directory; use a dedicated raw disk instead. That is, attach a new disk to the host and use it directly, without formatting it. The corresponding node disk configuration is as follows:
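Whether a disk is truly raw can be checked with lsblk; a disk is usable by Rook only when its FSTYPE column is empty (the device names on your nodes will differ):

```shell
# List block devices with filesystem information. A disk whose FSTYPE
# column is empty carries no filesystem signature and can be consumed
# by Rook as a raw OSD disk.
lsblk -f
```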
This lab requires relatively high specs: each node needs at least 2 CPU cores and 4 GB of memory.
On Kubernetes 1.19 and later, the snapshot feature requires a separately installed snapshot controller.
Download the Rook installation files
Download the specified version of Rook:
git clone --single-branch --branch v1.6.3 https://github.com/rook/rook.git
Change the configuration
cd rook/cluster/examples/kubernetes/ceph
Change the Rook CSI image addresses. The default images are hosted on gcr.io, which is not reachable from mainland China, so the gcr.io images need to be mirrored to an Alibaba Cloud registry. For the version covered by this document the images have already been mirrored, so the values can be changed directly as follows:
vim operator.yaml
Change the default CSI image values to:
ROOK_CSI_REGISTRAR_IMAGE: "registry.cn-beijing.aliyuncs.com/dotbalo/csi-node-driver-registrar:v2.0.1"
ROOK_CSI_RESIZER_IMAGE: "registry.cn-beijing.aliyuncs.com/dotbalo/csi-resizer:v1.0.1"
ROOK_CSI_PROVISIONER_IMAGE: "registry.cn-beijing.aliyuncs.com/dotbalo/csi-provisioner:v2.0.4"
ROOK_CSI_SNAPSHOTTER_IMAGE: "registry.cn-beijing.aliyuncs.com/dotbalo/csi-snapshotter:v4.0.0"
ROOK_CSI_ATTACHER_IMAGE: "registry.cn-beijing.aliyuncs.com/dotbalo/csi-attacher:v3.0.2"
For other versions, mirror the images yourself; articles describing the mirroring process are easy to find online, for example https://blog.csdn.net/sinat_35543900/article/details/103290782
Still in the operator file: newer Rook versions disable deployment of the discovery containers by default. Find ROOK_ENABLE_DISCOVERY_DAEMON and set it to true:
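After these edits, the relevant part of operator.yaml looks roughly like this sketch (the setting lives in the operator's ConfigMap in v1.6; surrounding keys omitted):

```yaml
kind: ConfigMap
metadata:
  name: rook-ceph-operator-config
  namespace: rook-ceph
data:
  # Deploy the rook-discover DaemonSet (disabled by default in newer versions)
  ROOK_ENABLE_DISCOVERY_DAEMON: "true"
```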
Deploy Rook
The deployment steps for version 1.6.3 are as follows:
cd cluster/examples/kubernetes/ceph
kubectl create -f crds.yaml -f common.yaml -f operator.yaml
Wait for the operator and discover containers to start:
[root@k8s-master01 ceph]# kubectl -n rook-ceph get pod
NAME READY STATUS RESTARTS AGE
rook-ceph-operator-65965c66b5-q4529 1/1 Running 0 7m43s
rook-discover-7bjbn 1/1 Running 0 5m31s
rook-discover-dv4bn 1/1 Running 0 5m31s
rook-discover-gbln2 1/1 Running 0 5m31s
rook-discover-hlqrg 1/1 Running 0 5m31s
rook-discover-np7pb 1/1 Running 0 5m31s
Chapter 2: Creating the Ceph Cluster
Change the configuration
The main change is where the OSD nodes are located:
cd cluster/examples/kubernetes/ceph
vim cluster.yaml
Newer versions require raw disks, i.e. unformatted disks. In this environment, k8s-master02, k8s-node01, and k8s-node02 each have a newly added disk; run lsblk -f to find the new disk's name. At least three nodes are recommended, otherwise later exercises may run into problems.
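The storage section of cluster.yaml can then be restricted to exactly those nodes and disks. A sketch (the device name sdb is an assumption for this environment; substitute the name reported by lsblk):

```yaml
storage:
  useAllNodes: false
  useAllDevices: false
  nodes:
    - name: "k8s-master02"
      devices:
        - name: "sdb"   # raw, unformatted disk
    - name: "k8s-node01"
      devices:
        - name: "sdb"
    - name: "k8s-node02"
      devices:
        - name: "sdb"
```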
Create the Ceph cluster
kubectl create -f cluster.yaml
Once created, check the Pod status:
[root@k8s-master01 ceph]# kubectl -n rook-ceph get pod
NAME READY STATUS RESTARTS AGE
csi-cephfsplugin-cp2s5 3/3 Running 0 27m
csi-cephfsplugin-h4wb5 3/3 Running 0 27m
csi-cephfsplugin-jznvn 3/3 Running 0 27m
csi-cephfsplugin-k9q28 3/3 Running 0 27m
csi-cephfsplugin-provisioner-574976878-f5n7c 6/6 Running 0 27m
csi-cephfsplugin-provisioner-574976878-p7vcx 6/6 Running 0 27m
csi-cephfsplugin-z2645 3/3 Running 0 27m
csi-rbdplugin-7fzmv 3/3 Running 0 27m
csi-rbdplugin-7xsrp 3/3 Running 0 27m
csi-rbdplugin-b9lqh 3/3 Running 0 27m
csi-rbdplugin-dx2jk 3/3 Running 0 27m
csi-rbdplugin-provisioner-884fb5b55-dm5dl 6/6 Running 0 27m
csi-rbdplugin-provisioner-884fb5b55-z4p49 6/6 Running 0 27m
csi-rbdplugin-x4snv 3/3 Running 0 27m
rook-ceph-crashcollector-k8s-master02-f9db7d85d-lltdp 1/1 Running 0 17m
rook-ceph-crashcollector-k8s-node01-747795874c-5cdz6 1/1 Running 0 17m
rook-ceph-crashcollector-k8s-node02-5d4867cfb8-n74wn 1/1 Running 0 17m
rook-ceph-mgr-a-77bf97745c-4hqpp 1/1 Running 0 17m
rook-ceph-mon-a-6d4444d6bf-jvlxw 1/1 Running 0 19m
rook-ceph-mon-b-68b66fd889-x28bf 1/1 Running 0 17m
rook-ceph-mon-c-54bb69686-v8ftf 1/1 Running 0 17m
rook-ceph-operator-65965c66b5-q4529 1/1 Running 0 50m
rook-ceph-osd-0-667c867b46-m8nnj 1/1 Running 0 17m
rook-ceph-osd-1-56784d575b-vm8mc 1/1 Running 0 17m
rook-ceph-osd-2-74f856bb8c-s2r69 1/1 Running 0 17m
rook-ceph-osd-prepare-k8s-master02-nf7qn 0/1 Completed 0 16m
rook-ceph-osd-prepare-k8s-node01-jkm6g 0/1 Completed 0 16m
rook-ceph-osd-prepare-k8s-node02-xr4rt 0/1 Completed 0 16m
rook-discover-7bjbn 1/1 Running 0 48m
rook-discover-dv4bn 1/1 Running 0 48m
rook-discover-gbln2 1/1 Running 0 48m
rook-discover-hlqrg 1/1 Running 0 48m
rook-discover-np7pb 1/1 Running 0 48m
Note that the osd-x containers must exist and be healthy. If all the Pods above are healthy, the cluster installation is considered successful.
More configuration options: https://rook.io/docs/rook/v1.6/ceph-cluster-crd.html
Install the Ceph snapshot controller
Kubernetes 1.19 and later needs a separately installed snapshot controller for PVC snapshots to work, so install it here in advance.
The snapshot controller manifests live in the k8s-ha-install project used during cluster installation; switch to the 1.20.x branch:
cd /root/k8s-ha-install/
git checkout manual-installation-v1.20.x
Create the snapshot controller:
kubectl create -f snapshotter/ -n kube-system
[root@k8s-master01 k8s-ha-install]# kubectl get po -n kube-system -l app=snapshot-controller
NAME READY STATUS RESTARTS AGE
snapshot-controller-0 1/1 Running 0 51s
Full documentation: https://rook.io/docs/rook/v1.6/ceph-csi-snapshot.html
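With the controller running, a PVC snapshot is requested declaratively with a VolumeSnapshot object. A minimal sketch (the class and PVC names are hypothetical placeholders; a matching VolumeSnapshotClass must exist):

```yaml
apiVersion: snapshot.storage.k8s.io/v1beta1   # v1beta1 CRDs on Kubernetes 1.20
kind: VolumeSnapshot
metadata:
  name: rbd-pvc-snapshot
spec:
  volumeSnapshotClassName: csi-rbdplugin-snapclass
  source:
    persistentVolumeClaimName: rbd-pvc
```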
Chapter 3: Installing the Ceph Client Tools
[root@k8s-master01 k8s-ha-install]# cd /rook/cluster/examples/kubernetes/ceph
[root@k8s-master01 ceph]# kubectl create -f toolbox.yaml -n rook-ceph
deployment.apps/rook-ceph-tools created
Once the container is Running, the relevant commands can be executed:
[root@k8s-master01 ceph]# kubectl get po -n rook-ceph -l app=rook-ceph-tools
NAME READY STATUS RESTARTS AGE
rook-ceph-tools-fc5f9586c-wq72t 1/1 Running 0 38s
[root@k8s-master01 ceph]# kubectl -n rook-ceph exec -it deploy/rook-ceph-tools -- bash
[root@rook-ceph-tools-fc5f9586c-wq72t /]# ceph status
cluster:
id: b23b3611-f332-40a7-bd4b-f555458ce160
health: HEALTH_WARN
mons are allowing insecure global_id reclaim
services:
mon: 3 daemons, quorum a,b,c (age 7m)
mgr: a(active, since 7m)
osd: 3 osds: 3 up (since 7m), 3 in (since 10h)
data:
pools: 1 pools, 1 pgs
objects: 0 objects, 0 B
usage: 3.0 GiB used, 57 GiB / 60 GiB avail
pgs: 1 active+clean
[root@rook-ceph-tools-fc5f9586c-wq72t /]# ceph osd status
ID HOST USED AVAIL WR OPS WR DATA RD OPS RD DATA STATE
0 k8s-node01 1027M 18.9G 0 0 0 0 exists,up
1 k8s-node02 1027M 18.9G 0 0 0 0 exists,up
2 k8s-master02 1027M 18.9G 0 0 0 0 exists,up
[root@rook-ceph-tools-fc5f9586c-wq72t /]# ceph df
--- RAW STORAGE ---
CLASS SIZE AVAIL USED RAW USED %RAW USED
hdd 60 GiB 57 GiB 11 MiB 3.0 GiB 5.02
TOTAL 60 GiB 57 GiB 11 MiB 3.0 GiB 5.02
--- POOLS ---
POOL ID PGS STORED OBJECTS USED %USED MAX AVAIL
device_health_metrics 1 1 0 B 0 0 B 0 18 GiB
Chapter 4: Ceph Dashboard
Refer to the official documentation:
The simplest way to expose the service in minikube or similar environment is using the NodePort to open a port on the VM that can be accessed by the host. To create a service with the NodePort, save this yaml as dashboard-external-https.yaml.
apiVersion: v1
kind: Service
metadata:
  name: rook-ceph-mgr-dashboard-external-https
  namespace: rook-ceph
  labels:
    app: rook-ceph-mgr
    rook_cluster: rook-ceph
spec:
  ports:
    - name: dashboard
      port: 8443
      protocol: TCP
      targetPort: 8443
  selector:
    app: rook-ceph-mgr
    rook_cluster: rook-ceph
  sessionAffinity: None
  type: NodePort
Create the service:
kubectl create -f dashboard-external-https.yaml
Check the service:
[root@k8s-master01 ceph]# kubectl -n rook-ceph get service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
csi-cephfsplugin-metrics ClusterIP 192.168.114.108 <none> 8080/TCP,8081/TCP 11h
csi-rbdplugin-metrics ClusterIP 192.168.214.223 <none> 8080/TCP,8081/TCP 11h
rook-ceph-mgr ClusterIP 192.168.5.9 <none> 9283/TCP 11h
rook-ceph-mgr-dashboard ClusterIP 192.168.144.39 <none> 8443/TCP 11h
rook-ceph-mgr-dashboard-external-https NodePort 192.168.195.164 <none> 8443:31250/TCP 8m53s
rook-ceph-mon-a ClusterIP 192.168.71.28 <none> 6789/TCP,3300/TCP 11h
rook-ceph-mon-b ClusterIP 192.168.137.117 <none> 6789/TCP,3300/TCP 11h
rook-ceph-mon-c ClusterIP 192.168.245.155 <none> 6789/TCP,3300/TCP 11h
Access the dashboard
Username: admin
Password: retrieve it with the following command:
kubectl -n rook-ceph get secret rook-ceph-dashboard-password -o jsonpath="{['data']['password']}" | base64 --decode && echo
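The jsonpath expression above extracts the base64-encoded password field from the Secret, and base64 --decode recovers the plain text. A standalone illustration of the decoding step with a made-up value (not a real password):

```shell
# Kubernetes stores Secret data base64-encoded; decoding recovers the
# plain-text value. 'c2VjcmV0UGFzcw==' is a placeholder, which decodes
# to 'secretPass'.
echo 'c2VjcmV0UGFzcw==' | base64 --decode && echo
```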
Access the dashboard via the IP of any node in the Ceph cluster plus the NodePort.
Resolving the warning: https://docs.ceph.com/en/octopus/rados/operations/health-checks/
Fixing the "mons are allowing insecure global_id reclaim" warning shown by ceph -s
Disable the insecure mode with the following command:
ceph config set mon auth_allow_insecure_global_id_reclaim false