我的书签
添加书签
移除书签07-5.集成 Ceph 持久化存储
Ceph 集群情况
机器列表:
172.27.128.100 mon.m7-common-dfs04172.27.128.101 mon.m7-common-dfs03172.27.128.102 mon.m7-common-dfs02172.27.128.103 mon.m7-common-dfs01
组件部署情况:
Deploy:m7-common-dfs04Mon:m7-common-dfs04 m7-common-dfs02 m7-common-dfs03Mgr:m7-common-dfs04 m7-common-dfs02 m7-common-dfs03Mds:m7-common-dfs04 m7-common-dfs02 m7-common-dfs03OSD:0-2:mon.m7-common-dfs043-5:mon.m7-common-dfs036-8:mon.m7-common-dfs029-11:mon.m7-common-dfs01RGW:mon.m7-common-dfs04
安装 Ceph 客户端工具
需要在使用 Ceph 的每个 K8S 节点上安装 Ceph 客户端工具。
创建 yum 源配置文件:
sudo yum install -y epel-releasecat << "EOM" > /etc/yum.repos.d/ceph.repo[ceph]name=Ceph packages for $basearchbaseurl=http://download.ceph.com/rpm-luminous/el7/$basearchenabled=1gpgcheck=1type=rpm-mdgpgkey=https://download.ceph.com/keys/release.ascpriority=1[ceph-noarch]name=Ceph noarch packagesbaseurl=https://download.ceph.com/rpm-luminous/el7/noarchenabled=1gpgcheck=1type=rpm-mdgpgkey=https://download.ceph.com/keys/release.ascpriority=1[ceph-source]name=Ceph source packagesbaseurl=http://download.ceph.com/rpm-luminous/el7/SRPMSenabled=1gpgcheck=1type=rpm-mdgpgkey=https://download.ceph.com/keys/release.ascpriority=1EOM
- 注意:ceph repo 的版本需要与 ceph 集群版本一致,如上面配置的是 luminous 版本源。
安装 Ceph 客户端工具:
yum clean all && yum updateyum install -y ceph-common
安装的命令行工具列表:
$ rpm -ql ceph-common|grep bin/usr/bin/ceph/usr/bin/ceph-authtool/usr/bin/ceph-brag/usr/bin/ceph-conf/usr/bin/ceph-dencoder/usr/bin/ceph-post-file/usr/bin/ceph-rbdnamer/usr/bin/ceph-syn/usr/bin/rados/usr/bin/rbd
挂载 CephFS
创建本地挂载目录,如 devops:
sudo mkdir -p /etc/ceph /mnt/cephfs/k8s/devops
创建 secret 文件:
sudo scp root@172.27.128.100:/etc/ceph/ceph.client.admin.keyring /etc/ceph/sudo awk '/key = / {print $3}' /etc/ceph/ceph.client.admin.keyring >/etc/ceph/ceph-admin.secret
挂载 CephFS 根目录 /k8s/:
sudo mount -t ceph 172.27.128.100:6789,172.27.128.101:6789,172.27.128.102:6789:/k8s/ /mnt/cephfs/k8s/devops -o name=admin,secretfile=/etc/ceph/ceph-admin.secret,_netdev,noatime
- 需要指定多个 MDS 地址,以达到高可用和容错的目的。
在 CephFS 根目录 /k8s/ 中创建集群专用的数据目录,如 devops:
mkdir /k8s/devops
将创建的集群专用 CephFS 目录(/k8s/devops)挂载到本地目录(/mnt/cephfs/k8s/devops):
sudo umount /mnt/cephfs/k8s/devopssudo mount -t ceph 172.27.128.100:6789,172.27.128.101:6789,172.27.128.102:6789:/k8s/devops /mnt/cephfs/k8s/devops -o name=admin,secretfile=/etc/ceph/ceph-admin.secret,_netdev,noatime
在 /etc/fstab 中添加一行开启自动挂载记录:
172.27.128.100:6789:/k8s/devops/ /mnt/cephfs/k8s/devops ceph name=admin,secretfile=/etc/ceph/ceph-admin.secret,_netdev,noatime 0 0
- 必须添加
_netdev挂载参数,否则机器启动时会卡在挂载 cephfs 阶段。
创建 ceph admin secret
[root@m7-demo-136001 k8s]# cd /opt/k8s[root@m7-demo-136001 k8s]# scp root@172.27.128.100:/etc/ceph/ceph.client.admin.keyring /etc/ceph/[root@m7-demo-136001 k8s]# cat /etc/ceph/ceph.client.admin.keyring[client.admin]key = AQCYLTdbCyxZBhAAbGfK3T2tczjbhhbR0UWq1w==[root@m7-demo-136001 k8s]# Secret=$(awk '/key = / {print $3}' /etc/ceph/ceph.client.admin.keyring | base64)[root@m7-demo-136001 k8s]# cat > ceph-secret-admin.yaml <<EOFapiVersion: v1kind: Secrettype: kubernetes.io/rbdmetadata:name: ceph-secret-admindata:key: $SecretEOF
注意,如果是通过命令行创建 secret-admin,则不需要对key进行base64编码:
$ kubectl create secret generic ceph-secret-admin —from-literal=key=’AQCYLTdbCyxZBhAAbGfK3T2tczjbhhbR0UWq1w==’ —namespace=kube-system —type=kubernetes.io/rbd
[root@m7-demo-136001 k8s]# kubectl create -f ceph-secret-admin.yamlsecret "ceph-secret-admin" created
注意:PVC 只能使用所在命名空间的 rbd secret。所以上面的定义的 ceph-secret-admin 只能供 default 命名空间的 PVC 使用。其它命名空间的 PVC 如果需要用该 StorageClass,则需要在所在命名空间重新定义该 Secret;
创建 StorageClass
[root@m7-demo-136001 k8s]# cat >ceph-rbd-storage-class.yaml <<EOFapiVersion: storage.k8s.io/v1kind: StorageClassmetadata:name: cephprovisioner: kubernetes.io/rbdparameters:monitors: 172.27.128.100:6789,172.27.128.101:6789,172.27.128.102:6789adminId: adminadminSecretName: ceph-secret-adminadminSecretNamespace: "default"pool: rbduserId: adminuserSecretName: ceph-secret-adminEOF
- 额外的缺省参数: imageFormat、imageFeatures;
- imageFormat 默认值为 1。如果指定为 2,则需要 v3.11 以上内核才行,支持 Clone 等高级特性;
- imageFeatures 默认值为空,即不启用任何特性。目前支持 layering 特性;
[root@m7-demo-136001 k8s]# kubectl create -f ceph-rbd-storage-class.yamlstorageclass "ceph" created
查看创建的 StorageClass:
$ kubectl get storageclassNAME PROVISIONERceph kubernetes.io/rbd
通过将 StorageClass 对象的 storageclass.kubernetes.io/is-default-class annotations 设置为 true,可将该 StorageClass 设置为 Default StorageClass:
$ kubectl patch storageclass ceph -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'storageclass "ceph" patched$ kubectl get storageclassNAME PROVISIONERceph (default) kubernetes.io/rbd
创建使用 StorageClass 的 PVC
[root@m7-demo-136001 k8s]# cat >ceph-pvc-storageClass.json <<EOF{"kind": "PersistentVolumeClaim","apiVersion": "v1","metadata": {"name": "pvc-test-claim"},"spec": {"accessModes": ["ReadWriteOnce"],"resources": {"requests": {"storage": "1Gi"}},"storageClassName": "ceph"}}EOF[root@m7-demo-136001 k8s]# kubectl create -f ceph-pvc-storageClass.jsonpersistentvolumeclaim "pvc-test-claim" created[root@m7-demo-136001 k8s]# kubectl get pvNAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGEpvc-0335828d-90b7-11e8-b43c-0cc47a2af650 1Gi RWO Delete Bound default/pvc-test-claim ceph 20m[root@m7-demo-136001 k8s]# kubectl describe pv pvc-0335828d-90b7-11e8-b43c-0cc47a2af650Name: pvc-0335828d-90b7-11e8-b43c-0cc47a2af650Labels: <none>Annotations: kubernetes.io/createdby=rbd-dynamic-provisionerpv.kubernetes.io/bound-by-controller=yespv.kubernetes.io/provisioned-by=kubernetes.io/rbdStorageClass: cephStatus: BoundClaim: default/pvc-test-claimReclaim Policy: DeleteAccess Modes: RWOCapacity: 1GiMessage:Source:Type: RBD (a Rados Block Device mount on the host that shares a pod's lifetime)CephMonitors: [172.27.128.100:6789 172.27.128.101:6789 172.27.128.102:6789]RBDImage: kubernetes-dynamic-pvc-e1726fb7-90ba-11e8-9ba5-0cc47a2af650FSType:RBDPool: rbdRadosUser: adminKeyring: /etc/ceph/keyringSecretRef: &{ceph-secret-admin}ReadOnly: falseEvents: <none>
创建使用 PVC 的 Pod
[root@m7-demo-136001 k8s]# cat > ceph-pv-test.yaml <<EOFapiVersion: v1kind: Podmetadata:name: ceph-pv-testspec:containers:- name: busyboximage: busyboxcommand: ["sleep", "3600"]volumeMounts:- name: ceph-volmountPath: /mnt/rbdreadOnly: falsevolumes:- name: ceph-volpersistentVolumeClaim:claimName: pvc-test-claimEOF[root@m7-demo-136001 k8s]# kubectl create -f ceph-pv-test.yamlpod "ceph-pv-test" created[root@m7-demo-136001 k8s]# kubectl describe pods ceph-pv-testName: ceph-pv-testNamespace: defaultNode: m7-demo-136001/172.27.136.1Start Time: Thu, 26 Jul 2018 18:25:48 +0800Labels: <none>Annotations: <none>Status: RunningIP: 172.30.24.43Containers:busybox:Container ID: docker://c6c9f851cefe21a301caf10e4c18c68851c379d83477628560fa3c4006593c5bImage: busyboxImage ID: docker-pullable://busybox@sha256:d21b79794850b4b15d8d332b451d95351d14c951542942a816eea69c9e04b240Port: <none>Command:sleep3600State: RunningStarted: Thu, 26 Jul 2018 18:25:54 +0800Ready: TrueRestart Count: 0Environment: <none>Mounts:/mnt/rbd from ceph-vol (rw)/var/run/secrets/kubernetes.io/serviceaccount from default-token-4km88 (ro)Conditions:Type StatusInitialized TrueReady TruePodScheduled TrueVolumes:ceph-vol:Type: PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)ClaimName: pvc-test-claimReadOnly: falsedefault-token-4km88:Type: Secret (a volume populated by a Secret)SecretName: default-token-4km88Optional: falseQoS Class: BestEffortNode-Selectors: <none>Tolerations: <none>Events:Type Reason Age From Message---- ------ ---- ---- -------Normal SuccessfulMountVolume 51s kubelet, m7-demo-136001 MountVolume.SetUp succeeded for volume "default-token-4km88"Normal Scheduled 50s default-scheduler Successfully assigned ceph-pv-test to m7-demo-136001Normal SuccessfulMountVolume 50s (x2 over 50s) kubelet, m7-demo-136001 MountVolume.SetUp succeeded for volume "pvc-0335828d-90b7-11e8-b43c-0cc47a2af650"Normal Pulling 49s kubelet, m7-demo-136001 pulling image "busybox"Normal Pulled 46s kubelet, m7-demo-136001 Successfully pulled image "busybox"Normal Created 46s kubelet, m7-demo-136001 Created containerNormal Started 46s kubelet, m7-demo-136001 Started container
