Using CephFS as Backend Storage for K8s (Static and Dynamic Provisioning)

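1. Using CephFS with K8s

CephFS is built within Ceph on top of RADOS (a scalable distributed object store). It achieves high availability and scalability by splitting file data into objects and distributing them across multiple storage nodes in the cluster.

First, install the ceph-common tools on every k8s node:

```shell
yum -y install epel-release ceph-common
```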

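2. Static provisioning

Static provisioning requires the CephFS to be created in advance and then handed to K8s.

2.1 Create the FS and authorize a user in Ceph

Create the storage pools:

```shell
# Data pool
ceph osd pool create cephfs_data_pool 16

# Metadata pool
ceph osd pool create ceph_metadata_pool 8
```

Create the FS:

```shell
# Syntax: ceph fs new <fs_name> <metadata_pool> <data_pool>
ceph fs new k8s-cephfs ceph_metadata_pool cephfs_data_pool
```

Create the user fs-user and authorize it on the pool cephfs_data_pool

View the admin user's key:

```shell
ceph auth get-key client.admin
```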

2.2 Create the secret in k8s

```shell
# Key printed by `ceph auth get-key client.admin`
export ADMIN_USER_SECRET='AQDdUB9mcTI3LRAAOBpt3e7AH5v9fiMtHKQpqA=='

kubectl create secret generic ceph-admin-default-secret --type="kubernetes.io/rbd" \
--from-literal=key="$ADMIN_USER_SECRET" \
--namespace=default
```

2.3 Use CephFS storage directly from a pod

```shell
vi cephfs-test-pod.yml
```

```yml
apiVersion: v1
kind: Pod
metadata:
  name: cephfs-test-pod
spec:
  containers:
  - name: nginx
    image: nginx
    imagePullPolicy: IfNotPresent
    volumeMounts:
    - name: data-volume
      mountPath: /usr/share/nginx/html/
  volumes:
  - name: data-volume
    cephfs:
      monitors: ["11.0.1.140:6789"]
      path: /
      user: admin
      secretRef:
        name: ceph-admin-default-secret
```

```shell
kubectl apply -f cephfs-test-pod.yml
```

View the pod:

```shell
kubectl get pods
```

You can enter the pod to check the mounted file systems:

```shell
kubectl exec -it cephfs-test-pod -- /bin/bash

# Inside the pod
df -hl
```

2.4 Create a PV backed by CephFS

```shell
vi cephfs-test-pv.yml
```

```yml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: cephfs-test-pv
spec:
  accessModes: ["ReadWriteOnce"]
  capacity:
    storage: 2Gi
  persistentVolumeReclaimPolicy: Retain
  cephfs:
    monitors: ["11.0.1.140:6789"]
    path: /
    user: admin
    secretRef:
      name: ceph-admin-default-secret
```

```shell
kubectl apply -f cephfs-test-pv.yml
```

Create a PVC to bind the PV:

```shell
vi cephfs-test-pvc.yml
```

```yml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: cephfs-test-pvc
spec:
  accessModes: ["ReadWriteOnce"]
  resources:
    requests:
      storage: 2Gi
```

```shell
kubectl apply -f cephfs-test-pvc.yml
```

View the PVC and PV:

```shell
kubectl get pvc

kubectl get pv
```

Test mounting the PVC in a pod:

```shell
vi cephfs-test-pod1.yml
```

```yml
apiVersion: v1
kind: Pod
metadata:
  name: cephfs-test-pod1
spec:
  containers:
  - name: nginx
    image: nginx
    imagePullPolicy: IfNotPresent
    volumeMounts:
    - name: data-volume
      mountPath: /usr/share/nginx/html/
  volumes:
  - name: data-volume
    persistentVolumeClaim:
      claimName: cephfs-test-pvc
      readOnly: false
```

```shell
kubectl apply -f cephfs-test-pod1.yml
```

View the pod:

```shell
kubectl get pods
```

3. Dynamic provisioning

Because there is no official dynamic volume support for cephfs, the community-provided cephfs-provisioner plugin is used here to implement dynamic provisioning:

```shell
vi external-storage-cephfs-provisioner.yml
```

```yml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: cephfs-provisioner
  namespace: kube-system
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: cephfs-provisioner
rules:
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "create", "delete"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["create", "update", "patch"]
  - apiGroups: [""]
    resources: ["endpoints"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
  # Cluster-wide rule: applies to Secrets in every namespace
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["create", "get", "delete"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: cephfs-provisioner
subjects:
  - kind: ServiceAccount
    name: cephfs-provisioner
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: cephfs-provisioner
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: cephfs-provisioner
  namespace: kube-system
rules:
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["create", "get", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: cephfs-provisioner
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: cephfs-provisioner
subjects:
- kind: ServiceAccount
  name: cephfs-provisioner
  namespace: kube-system
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: cephfs-provisioner
  namespace: kube-system
spec:
  selector:
    matchLabels:
      app: cephfs-provisioner
  replicas: 1
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: cephfs-provisioner
    spec:
      containers:
      - name: cephfs-provisioner
        image: "registry.cn-chengdu.aliyuncs.com/ives/cephfs-provisioner:latest"
        env:
        - name: PROVISIONER_NAME
          value: ceph.com/cephfs
        command:
        - "/usr/local/bin/cephfs-provisioner"
        args:
        - "-id=cephfs-provisioner-1"
      # serviceAccountName replaces the deprecated serviceAccount field
      serviceAccountName: cephfs-provisioner
```

```shell
kubectl apply -f external-storage-cephfs-provisioner.yml
```

View the pod:

```shell
kubectl get pods -n kube-system
```

3.1 Create the StorageClass

```shell
vi cephfs-sc.yml
```

```yml
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: dynamic-cephfs
provisioner: ceph.com/cephfs
parameters:
  monitors: 11.0.1.140:6789
  adminId: admin
  adminSecretName: ceph-admin-default-secret
  adminSecretNamespace: default
  claimRoot: /volumes/kubernetes
```

```shell
kubectl apply -f cephfs-sc.yml
```

View the SC:

```shell
kubectl get sc
```

3.4 Test creating a PVC

```shell
vi cephfs-pvc1.yml
```

```yml
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: cephfs-pvc1
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: dynamic-cephfs
  resources:
    requests:
      storage: 2Gi
```

```shell
kubectl apply -f cephfs-pvc1.yml
```

View the PVC:

```shell
kubectl get pvc
```

Create a pod that uses the PVC above:

```shell
vi cephfs-test-pod2.yml
```

```yml
apiVersion: v1
kind: Pod
metadata:
  name: cephfs-test-pod2
spec:
  containers:
  - name: nginx
    image: nginx
    imagePullPolicy: IfNotPresent
    volumeMounts:
    - name: data-volume
      mountPath: /usr/share/nginx/html/
  volumes:
  - name: data-volume
    persistentVolumeClaim:
      claimName: cephfs-pvc1
      readOnly: false
```

```shell
kubectl apply -f cephfs-test-pod2.yml
```

View the pod:

```shell
kubectl get pods
```

3.5 Test dynamically creating the PV and PVC with volumeClaimTemplates

```shell
vi mysql.yml
```

```yml
# headless service
apiVersion: v1
kind: Service
metadata:
  name: mysql-hl
  namespace: mysql
  labels:
    app: mysql-hl
spec:
  clusterIP: None
  ports:
  - name: mysql-port
    port: 3306
  selector:
    app: mysql
---
# NodePort service
apiVersion: v1
kind: Service
metadata:
  name: mysql-np
  namespace: mysql
  labels:
    app: mysql-np
spec:
  ports:
  - name: master-port
    port: 3306
    nodePort: 31306
    targetPort: 3306
  selector:
    app: mysql
  type: NodePort
  externalTrafficPolicy: Cluster
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: mysql
  # Same namespace as the two Services so their selectors match the pod
  namespace: mysql
spec:
  serviceName: "mysql-hl"
  replicas: 1
  selector:
    matchLabels:
      app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
      - name: mysql
        image: mysql:8.0.20
        ports:
        - containerPort: 3306
          name: master-port
        env:
        # Test value only; outside a test, reference a Secret with valueFrom.secretKeyRef
        - name: MYSQL_ROOT_PASSWORD
          value: "root"
        - name: TZ
          value: "Asia/Shanghai"
        volumeMounts:
        - name: mysql-data
          mountPath: /var/lib/mysql
  volumeClaimTemplates:
    - metadata:
        name: mysql-data
      spec:
        accessModes: ["ReadWriteOnce"]
        storageClassName: dynamic-cephfs
        resources:
          requests:
            storage: 2Gi
```

```shell
# The manifests target the mysql namespace, which must exist first
kubectl create namespace mysql

kubectl apply -f mysql.yml
```

View the pod

View the PVC

View the PV
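
The manifests in this tutorial authenticate to Ceph as admin, mount the file system root, pull a `:latest` image, grant Secrets access through a ClusterRole, publish MySQL on a NodePort and set the root password inline; the script below is an added example (not part of the original post) that flags those settings in a manifest. The finding names, the helper functions and the sample manifest are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Line-oriented checks only: it
# does not parse YAML structure, so treat each hit as a prompt for review.

audit_manifest() {   # $1 = manifest path; prints "<FINDING> line <n>"
  awk '
    /^---/   { kind = "" }
    /^kind:/ { kind = $2 }
    # CephFS accessed with the Ceph admin identity
    /^[ \t]*(user|adminId):[ \t]*admin[ \t]*$/ { print "CEPH_ADMIN_USER line " NR }
    # root of the file system handed to the workload
    /^[ \t]*path:[ \t]*\/[ \t]*$/ { print "CEPHFS_ROOT_PATH line " NR }
    # mutable image tag
    /^[ \t-]*image:.*:latest"?[ \t]*$/ { print "IMAGE_LATEST_TAG line " NR }
    # Secrets rule inside a ClusterRole applies to every namespace
    kind == "ClusterRole" && /resources:.*"secrets"/ { print "CLUSTERWIDE_SECRETS line " NR }
    # service published on a port of every node
    /^[ \t]*type:[ \t]*NodePort[ \t]*$/ { print "NODEPORT_SERVICE line " NR }
    # password-like env var with a literal value on the next line
    prev_pw && /^[ \t]*value:/ { print "PLAINTEXT_ENV_SECRET line " NR }
    { prev_pw = ($0 ~ /name:[ \t]*[A-Z_]*(PASSWORD|SECRET)[A-Z_]*[ \t]*$/) }
  ' "$1"
}

sample_manifest() {   # constructed sample mirroring the tutorial's settings
  cat <<'EOF'
kind: ClusterRole
rules:
  - apiGroups: [""]
    resources: ["secrets"]
---
kind: Pod
spec:
  containers:
  - image: "registry.example.invalid/cephfs-provisioner:latest"
    env:
    - name: MYSQL_ROOT_PASSWORD
      value: "root"
  volumes:
  - cephfs:
      path: /
      user: admin
EOF
}

tmp=$(mktemp)
sample_manifest > "$tmp"
audit_manifest "$tmp"
rm -f "$tmp"
```

Run `audit_manifest` against each file created above (for example `audit_manifest mysql.yml`) before applying it.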
