K8s上用Ceph-rbd存储
k8s默认使用的本地存储,集群容灾性差,ceph作为开源的分布式存储系统,与openstack环境搭配使用,已经很多云计算公司运用于生产环境,可靠性得到验证。这里介绍一下在k8s环境下ceph如何使用.
Kubernetes支持后两种存储接口,支持的接入模式如下图:
k8s-ceph1.png
ceph端 新建pool 新建一个pool pool_1包含90个pg
ceph osd pool create pool_1 90RBD块设备 在ceph集群中新建1个rbd块设备,lun1
rbd create pool_1/lun1 --size 10Gceph权限控制
使用ceph-deploy --overwrite-conf admin部署的keyring权限太大,可以自己创建一个keyring client.rdb给块设备客户端node用
# ceph auth get-or-create client.rbd mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=pool_1' > ceph.client.rbd.keyring
k8s节点需要安装ceph
yum install ceph-common
echo 'rbd' > /etc/modules-load.d/rbd.conf
modprobe rbd
lsmod | grep rbd
rbd 83640 0
libceph 306625 1 rbd
配置文件秘钥传到k8s上
[root@ceph ceph]# scp ceph.client.rbd.keyring 192.168.6.102:/etc/ceph/
root@192.168.6.102's password:
ceph.client.rdb.keyring 100% 63 8.5KB/s 00:00
[root@ceph ceph]# scp ceph.conf 192.168.6.102:/etc/ceph/
root@192.168.6.102's password:
ceph.conf 100% 310 25.1KB/s 00:00
[root@ceph ceph]#k8s的node上操作
[root@node1 ceph]# ceph -s --name client.rdb
cluster:
id: cbc04385-1cdf-4512-a3f5-a5b3e8686a05
health: HEALTH_WARN
application not enabled on 1 pool(s)
services:
mon: 1 daemons, quorum ceph
mgr: ceph(active)
osd: 1 osds: 1 up, 1 in
data:
pools: 1 pools, 90 pgs
objects: 5 objects, 709B
usage: 1.00GiB used, 19.0GiB / 20.0GiB avail
pgs: 90 active+clean
警告解决办法:
ceph health detail
ceph osd pool application enable pool_1 rbdmap设备
# rbd map pool_1/lun1 --name client.rbd
rbd: sysfs write failed
RBD image feature set mismatch. Try disabling features unsupported by the kernel with "rbd feature disable".
In some cases useful info is found in syslog - try "dmesg | tail".
rbd: map failed: (6) No such device or address
解决办法:
在ceph节点上
rbd feature disable pool_1/lun1 exclusive-lock, object-map, fast-diff, deep-flatten将块设备挂载在操作系统中进行格式化
rbd map pool_1/lun1 --name client.rbd
mkfs.ext4 /dev/rbd0创建pv、pvc
对ceph.client.admin.keyring 的内容进行base64编码
[root@node1 ceph]# ceph auth get-key client.rbd | base64
QVFCTktERmRzeXpKQUJBQVVvVGVvWVYyamxhRi8zNU1hZ2R2dFE9PQ==
根据上面的输出,创建secret ceph-client-rbd
[root@node1 ceph]# cat ceph-secret.yml
apiVersion: v1
kind: Secret
metadata:
name: ceph-client-rbd
type: "kubernetes.io/rbd"
data:
key: QVFCTktERmRzeXpKQUJBQVVvVGVvWVYyamxhRi8zNU1hZ2R2dFE9PQ==
kubectl apply -f ceph-secret.yml
创建pv,注意: 这里是user:rbd 而不是user: client.rbd
[root@node1 ceph]# cat pv.yml
kind: PersistentVolume
apiVersion: v1
metadata:
name: ceph-pool1-lun1
spec:
storageClassName: manual
capacity:
storage: 10Gi
accessModes:
- ReadWriteOnce
rbd:
fsType: ext4
image: lun1
monitors:
- '192.168.6.101:6789'
pool: pool_1
readOnly: false
secretRef:
name: ceph-client-rbd
namespace: default
user: rbd
[root@node1 ceph]# kubectl apply -f pv.yml
persistentvolume/ceph-pool1-lun1 created
[root@node1 ceph]# kubectl get pv
NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE
ceph-pool1-lun1 10Gi RWO Retain Available manual 4s
创建pvc
[root@node1 ceph]# cat pvc.yml
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: pvc1
spec:
storageClassName: manual
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
[root@node1 ceph]# kubectl apply -f pvc.yml
persistentvolumeclaim/pvc1 created
[root@node1 ceph]# kubectl get pvc
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
pvc1 Bound ceph-pool1-lun1 10Gi RWO manual 7s本文参与 腾讯云自媒体分享计划,分享自作者个人站点/博客。
如有侵权请联系 cloudcommunity@tencent.com 删除
评论
登录后参与评论
推荐阅读