K8s 使用 CephFS 作为后端存储(静态供给、动态供给)

一、K8s 使用 CephFS

CephFSCeph 中基于RADOS(可扩展分布式对象存储)构建,通过将文件数据划分为对象并分布到集群中的多个存储节点上来实现高可用性和可扩展性。

首先所有 k8s 节点都需要安装 ceph-common 工具:

shell 复制代码
yum -y install epel-release ceph-common

二、静态供给方式

静态供给方式需要提前创建好 CephFS 给到 K8s 使用。

2.1 在 Ceph 中创建 FS 和 授权用户

创建存储池:

shell 复制代码
# 数据存储池
ceph osd pool create cephfs_data_pool 16

# 元数据存储池
ceph osd pool create ceph_metadata_pool 8

创建 FS

shell 复制代码
ceph fs new k8s-cephfs cephfs_data_pool ceph_metadata_pool

创建用户 fs-user 并授权存储池 cephfs_data_pool

查看 admin 用户秘钥:

shell 复制代码
ceph auth get-key client.admin

2.2 在 k8s 中创建 secret

shell 复制代码
export ADMIN_USER_SECRET='AQDdUB9mcTI3LRAAOBpt3e7AH5v9fiMtHKQpqA=='

kubectl create secret generic ceph-admin-default-secret --type="kubernetes.io/rbd" \
--from-literal=key=$ADMIN_USER_SECRET \
--namespace=default

2.3 pod 直接使用 CephFS 存储

shell 复制代码
vi cephfs-test-pod.yml
yml 复制代码
apiVersion: v1
kind: Pod
metadata:
  name: cephfs-test-pod
spec:
  containers:
  - name: nginx
    image: nginx
    imagePullPolicy: IfNotPresent
    volumeMounts:
    - name: data-volume
      mountPath: /usr/share/nginx/html/
  volumes:
  - name: data-volume
    cephfs:
      monitors: ["11.0.1.140:6789"]
      path: /
      user: admin
      secretRef:
        name: ceph-admin-default-secret
shell 复制代码
kubectl apply -f cephfs-test-pod.yml

查看 pod

shell 复制代码
kubectl get pods

可以进到 pod 中查看分区情况:

shell 复制代码
kubectl exec -it cephfs-test-pod -- /bin/bash

df -hl

2.4 创建 PV 使用 CephFS 存储

shell 复制代码
vi cephfs-test-pv.yml
yml 复制代码
apiVersion: v1
kind: PersistentVolume
metadata:
  name: cephfs-test-pv
spec:
  accessModes: ["ReadWriteOnce"]
  capacity:
    storage: 2Gi
  persistentVolumeReclaimPolicy: Retain
  cephfs:
    monitors: ["11.0.1.140:6789"]
    path: /
    user: admin
    secretRef:
      name: ceph-admin-default-secret
shell 复制代码
kubectl apply -f cephfs-test-pv.yml

创建 PVC 绑定 PV

shell 复制代码
vi cephfs-test-pvc.yml
yml 复制代码
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: cephfs-test-pvc
spec:
  accessModes: ["ReadWriteOnce"]
  resources:
    requests:
      storage: 2Gi
shell 复制代码
kubectl apply -f cephfs-test-pvc.yml

查看 pvcpv

shell 复制代码
kubectl get pvc

kubectl get pv

测试 pod 挂载 pvc

shell 复制代码
vi cephfs-test-pod1.yml
yml 复制代码
apiVersion: v1
kind: Pod
metadata:
  name: cephfs-test-pod1
spec:
  containers:
  - name: nginx
    image: nginx
    imagePullPolicy: IfNotPresent
    volumeMounts:
    - name: data-volume
      mountPath: /usr/share/nginx/html/
  volumes:
  - name: data-volume
    persistentVolumeClaim:
      claimName: cephfs-test-pvc
      readOnly: false
shell 复制代码
kubectl apply -f cephfs-test-pod1.yml

查看 pod

shell 复制代码
kubectl get pods

三、动态供给方式

由于官方没有提供cephfs动态卷支持,这里使用社区提供的cephfs-provisioner 插件实现动态供给:

shell 复制代码
vi external-storage-cephfs-provisioner.yml
yml 复制代码
apiVersion: v1
kind: ServiceAccount
metadata:
  name: cephfs-provisioner
  namespace: kube-system
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: cephfs-provisioner
rules:
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "create", "delete"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["create", "update", "patch"]
  - apiGroups: [""]
    resources: ["endpoints"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["create", "get", "delete"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: cephfs-provisioner
subjects:
  - kind: ServiceAccount
    name: cephfs-provisioner
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: cephfs-provisioner
  apiGroup: rbac.authorization.k8s.io

---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: cephfs-provisioner
  namespace: kube-system
rules:
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["create", "get", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: cephfs-provisioner
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: cephfs-provisioner
subjects:
- kind: ServiceAccount
  name: cephfs-provisioner
  namespace: kube-system

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: cephfs-provisioner
  namespace: kube-system
spec:
  selector:
    matchLabels:
      app: cephfs-provisioner
  replicas: 1
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: cephfs-provisioner
    spec:
      containers:
      - name: cephfs-provisioner
        image: "registry.cn-chengdu.aliyuncs.com/ives/cephfs-provisioner:latest"
        env:
        - name: PROVISIONER_NAME
          value: ceph.com/cephfs
        command:
        - "/usr/local/bin/cephfs-provisioner"
        args:
        - "-id=cephfs-provisioner-1"
      serviceAccount: cephfs-provisioner
shell 复制代码
kubectl apply -f external-storage-cephfs-provisioner.yml

查看 pod

shell 复制代码
kubectl get pods -n kube-system

3.1 创建 StorageClass

shell 复制代码
vi cephfs-sc.yml
yml 复制代码
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: dynamic-cephfs
provisioner: ceph.com/cephfs
parameters:
  monitors: 11.0.1.140:6789
  adminId: admin
  adminSecretName: ceph-admin-default-secret
  adminSecretNamespace: default
  claimRoot: /volumes/kubernetes
shell 复制代码
kubectl apply -f cephfs-sc.yml

查看 SC

shell 复制代码
kubectl get sc

3.4 测试创建 PVC

shell 复制代码
vi cephfs-pvc1.yml
yml 复制代码
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: cephfs-pvc1
spec:
  accessModes:     
    - ReadWriteOnce
  storageClassName: dynamic-cephfs
  resources:
    requests:
      storage: 2Gi
shell 复制代码
kubectl apply -f cephfs-pvc1.yml

查看 pvc

shell 复制代码
kubectl get pvc

创建 pod 使用上面 pvc

shell 复制代码
vi cephfs-test-pod2.yml
yml 复制代码
apiVersion: v1
kind: Pod
metadata:
  name: cephfs-test-pod2
spec:
  containers:
  - name: nginx
    image: nginx
    imagePullPolicy: IfNotPresent
    volumeMounts:
    - name: data-volume
      mountPath: /usr/share/nginx/html/
  volumes:
  - name: data-volume
    persistentVolumeClaim:
      claimName: cephfs-pvc1
      readOnly: false
shell 复制代码
kubectl apply -f cephfs-test-pod2.yml

查看 pod

shell 复制代码
kubectl get pods

3.5 测试使用 volumeClaimTemplates 动态创建 pv 和 pvc

shell 复制代码
vi mysql.yml
yml 复制代码
# headless service 
apiVersion: v1
kind: Service
metadata:
  name: mysql-hl
  namespace: mysql
  labels:
    app: mysql-hl
spec:
  clusterIP: None
  ports:
  - name: mysql-port
    port: 3306
  selector:
    app: mysql

---
# NodePort service 
apiVersion: v1
kind: Service
metadata:
  name: mysql-np
  namespace: mysql
  labels:
    app: mysql-np
spec:
  clusterIP: 
  ports:
  - name: master-port
    port: 3306
    nodePort: 31306
    targetPort: 3306
  selector:
    app: mysql
  type: NodePort
  target-port:
  externalTrafficPolicy: Cluster 
  
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: mysql
spec:
  serviceName: "mysql-hl"
  replicas: 1
  selector: 
    matchLabels: 
      app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
      - name: mysql
        image: mysql:8.0.20
        ports:
        - containerPort: 3306
          name: master-port
        env:
        - name: MYSQL_ROOT_PASSWORD
          value: "root"
        - name: TZ
          value: "Asia/Shanghai"
        volumeMounts:                           
        - name: mysql-data
          mountPath: /var/lib/mysql 
  volumeClaimTemplates:
    - metadata:
        name: mysql-data
      spec:
        accessModes: ["ReadWriteOnce"]
        storageClassName: dynamic-cephfs
        resources:
          requests:
            storage: 2Gi
shell 复制代码
kubectl apply -f mysql.yml

查看 pod

查看 pvc

查看 pv

相关推荐
Eternal-Student11 分钟前
【docker 保存】将Docker镜像保存为一个离线的tar归档文件
运维·docker·容器
码农小丘20 分钟前
一篇保姆式centos/ubuntu安装docker
运维·docker·容器
灼烧的疯狂2 小时前
K8S + Jenkins 做CICD
容器·kubernetes·jenkins
wenyue11213 小时前
Revolutionize Your Kubernetes Experience with Easegress: Kubernetes Gateway API
容器·kubernetes·gateway
梅见十柒5 小时前
wsl2中kali linux下的docker使用教程(教程总结)
linux·经验分享·docker·云原生
Python私教5 小时前
ubuntu搭建k8s环境详细教程
linux·ubuntu·kubernetes
运维&陈同学6 小时前
【zookeeper01】消息队列与微服务之zookeeper工作原理
运维·分布式·微服务·zookeeper·云原生·架构·消息队列
O&REO7 小时前
单机部署kubernetes环境下Overleaf-基于MicroK8s的Overleaf应用部署指南
云原生·容器·kubernetes
politeboy7 小时前
k8s启动springboot容器的时候,显示找不到application.yml文件
java·spring boot·kubernetes
运维小文8 小时前
K8S资源限制之LimitRange
云原生·容器·kubernetes·k8s资源限制