实现kubernetes基于ceph块存储和cephfs的数据持久化
ceph对接k8s使用案例
k8s节点安装 ceph-common
分别在 k8s master 与各 node 节点安装 ceph-common 组件包。
下载 ceph仓库 key 文件
root@master1:~/yaml# wget -q -O- 'https://download.ceph.com/keys/release.asc' | apt-key add - root@node1:~# wget -q -O- 'https://download.ceph.com/keys/release.asc' | apt-key add - root@node2:~# wget -q -O- 'https://download.ceph.com/keys/release.asc' | apt-key add -
验证k8s节点系统版本
root@master1:~# lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 20.04.3 LTS Release: 20.04 Codename: focal
各 master 与 node 节点配置 apt 源
root@node1:~# vim /etc/apt/sources.list deb https://mirrors.tuna.tsinghua.edu.cn/ceph/debian-pacific/ focal main # deb-src https://mirrors.tuna.tsinghua.edu.cn/ceph/debian-pacific/ focal main #更新仓库 root@node1:~# apt update
验证 ceph 版本
root@master1:~# apt-cache madison ceph-common ceph-common | 16.2.10-1focal | https://mirrors.tuna.tsinghua.edu.cn/ceph/debian-pacific focal/main amd64 Packages ceph-common | 15.2.17-0ubuntu0.20.04.1 | http://mirrors.tuna.tsinghua.edu.cn/ubuntu focal-updates/main amd64 Packages ceph-common | 15.2.12-0ubuntu0.20.04.1 | http://mirrors.tuna.tsinghua.edu.cn/ubuntu focal-security/main amd64 Packages ceph-common | 15.2.1-0ubuntu1 | http://mirrors.tuna.tsinghua.edu.cn/ubuntu focal/main amd64 Packages
各节点安装和当前 ceph 集群相同版本的 ceph-common
root@master1:~# apt install ceph-common=16.2.10-1focal root@master1:~# ceph -v ceph version 16.2.10 (45fa1a083152e41a408d15505f594ec5f1b4fe17) pacific (stable)
k8s 节点配置主机名解析
在 ceph.conf 配置文件中包含 ceph 主机的主机名,因此需要在 k8s 各 master 及 node 配置配置主机名解析:
root@master1:~# cat /etc/hosts 127.0.0.1 localhost 127.0.1.1 es1 # The following lines are desirable for IPv6 capable hosts ::1 ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters 192.168.100.15 harbor.cncf.net 192.168.100.16 easzlab.io.local 192.168.100.40 ceph-deploy.example.local ceph-deploy 192.168.100.31 ceph-node1.example.local ceph-node1 192.168.100.32 ceph-node2.example.local ceph-node2 192.168.100.33 ceph-node3.example.local ceph-node3 192.168.100.34 ceph-node4.example.local ceph-node4 192.168.100.41 ceph-node5.example.local ceph-node5 192.168.100.35 ceph-mon1.example.local ceph-mon1 192.168.100.36 ceph-mon2.example.local ceph-mon2 192.168.100.37 ceph-mon3.example.local ceph-mon3 192.168.100.38 ceph-mgr1.example.local ceph-mgr1 192.168.100.39 ceph-mgr2.example.local ceph-mgr2
rbd 结合 k8s 提供存储卷及动态存储卷使用案例
让 k8s 中的 pod 可以访问 ceph 中 rbd 提供的镜像作为存储设备,需要在 ceph 创建 rbd、并且让 k8s node 节点能够通过 ceph 的认证。
k8s 在使用 ceph 作为动态存储卷的时候,需要 kube-controller-manager 组件能够访问ceph,因此需要在包括 k8s master 及 node 节点在内的每一个 node 同步认证文件。
注意:rbd 的 镜像只允许同时一个服务实例进行挂载使用。
创建和管理rbd
创建初始化rbd
root@ceph-mon1:~# ceph osd pool create rbd-pool 32 32 pool 'rbd-pool' created #验证存储池 root@ceph-mon1:~# ceph osd pool ls device_health_metrics .rgw.root default.rgw.log default.rgw.control default.rgw.meta rbd-pool
存储池启用 rbd
root@ceph-mon1:~# ceph osd pool application enable rbd-pool rbd enabled application 'rbd' on pool 'rbd-pool'
初始化rbd存储池
root@ceph-mon1:~# rbd pool init -p rbd-pool
创建 image
创建镜像
root@ceph-mon1:~# rbd create img1 --size 3G --pool rbd-pool --image-format 2 --image-feature layering
验证镜像
root@ceph-mon1:~# rbd ls --pool rbd-pool img1
验证镜像信息
root@ceph-mon1:~# rbd --image img1 --pool rbd-pool info rbd image 'img1': size 3 GiB in 768 objects order 22 (4 MiB objects) snapshot_count: 0 id: f7a5246dc9401 block_name_prefix: rbd_data.f7a5246dc9401 format: 2 features: layering op_features: flags: create_timestamp: Tue Jan 3 15:15:18 2023 access_timestamp: Tue Jan 3 15:15:18 2023 modify_timestamp: Tue Jan 3 15:15:18 2023
创建 ceph 用户与授权
指定 rbd-pool 存储池创建普通用户
cephadmin@ceph-deploy:~/ceph-cluster$ ceph auth get-or-create client.lxh mon 'allow r' osd 'allow * pool=rbd-pool' [client.lxh] key = AQCnFLljFWClJhAAd4KL0bCunpP8wMY04vc41Q==
验证用户权限
cephadmin@ceph-deploy:~/ceph-cluster$ ceph auth get client.lxh [client.lxh] key = AQCnFLljFWClJhAAd4KL0bCunpP8wMY04vc41Q== caps mon = "allow r" caps osd = "allow * pool=rbd-pool" exported keyring for client.lxh
导出用户信息至 keyring 文件
cephadmin@ceph-deploy:~/ceph-cluster$ ceph auth get client.lxh -o ceph.client.lxh.keyring cephadmin@ceph-deploy:~/ceph-cluster$ cat ceph.client.lxh.keyring [client.lxh] key = AQCnFLljFWClJhAAd4KL0bCunpP8wMY04vc41Q== caps mon = "allow r" caps osd = "allow * pool=rbd-pool"
同步认证文件到 k8s 各 master 及 node 节点
cephadmin@ceph-deploy:~/ceph-cluster$ scp ceph.conf ceph.client.lxh.keyring root@192.168.100.3:/etc/ceph cephadmin@ceph-deploy:~/ceph-cluster$ scp ceph.conf ceph.client.lxh.keyring root@192.168.100.4:/etc/ceph cephadmin@ceph-deploy:~/ceph-cluster$ scp ceph.conf ceph.client.lxh.keyring root@192.168.100.5:/etc/ceph
在 k8s node 节点验证用户权限
root@master1:~# ceph --user lxh -s root@node1:~# ceph --user lxh -s
验证k8s节点对镜像访问权限
root@node1:~# rbd --id lxh ls --pool=rbd-pool img1
通过 keyring 文件挂载 rbd
基于 ceph 提供的 rbd 实现存储卷的动态提供,由两种实现方式,一是通过宿主机的 keyring 文件挂载 rbd,另外一个是通过将 keyring 中 key 定义为 k8s 中的 secret,然后 pod 通过 secret 挂载 rbd。
创建namespace
root@master1:~/yaml# kubectl create ns ceph
1、创建 pod 引用ceph rbd yaml
root@master1:~/yaml# cat pod-ceph-rbd.yaml apiVersion: v1 kind: Pod metadata: name: busybox namespace: ceph #指定 namespace spec: containers: - image: busybox command: - sleep - "3600" imagePullPolicy: IfNotPresent name: busybox volumeMounts: - name: rbd-data1 #指定volues名称 mountPath: /data #pod 挂载路径 volumes: - name: rbd-data1 #定义volumes名称 rbd: monitors: #指定ceph mon ip - '192.168.100.35:6789' - '192.168.100.36:6789' - '192.168.100.37:6789' pool: rbd-pool #指定ceph的rbd 存储池 image: img1 #指定rbd存储池创建的镜像 fsType: xfs #指定将镜像挂载后格式化的文件系统类型 readOnly: false #指定文件系统非只读 user: lxh #指定ceph 认证的用户名 keyring: /etc/ceph/ceph.client.lxh.keyring #指定ceph 创建的普通用户的keyring文件 root@master1:~/yaml\# kubectl apply -f pod-ceph-rbd.yaml
验证pod挂载使用rbd
root@master1:~/yaml# kubectl config set-context context-cluster1 --namespace ceph root@master1:~/yaml# kubectl get pods NAME READY STATUS RESTARTS AGE busybox 1/1 Running 0 48s root@master1:~/yaml# kubectl exec -it busybox -- df -h Filesystem Size Used Available Use% Mounted on overlay 49.2G 12.1G 37.1G 25% / tmpfs 64.0M 0 64.0M 0% /dev tmpfs 1.9G 0 1.9G 0% /sys/fs/cgroup /dev/rbd0 3.0G 53.9M 2.9G 2% /data /dev/sda3 49.2G 12.1G 37.1G 25% /etc/hosts /dev/sda3 49.2G 12.1G 37.1G 25% /dev/termination-log /dev/sda3 49.2G 12.1G 37.1G 25% /etc/hostname /dev/sda3 49.2G 12.1G 37.1G 25% /etc/resolv.conf shm 64.0M 0 64.0M 0% /dev/shm tmpfs 3.5G 12.0K 3.5G 0% /var/run/secrets/kubernetes.io/serviceaccount tmpfs 1.9G 0 1.9G 0% /proc/acpi tmpfs 64.0M 0 64.0M 0% /proc/kcore tmpfs 64.0M 0 64.0M 0% /proc/keys tmpfs 64.0M 0 64.0M 0% /proc/timer_list tmpfs 64.0M 0 64.0M 0% /proc/sched_debug tmpfs 1.9G 0 1.9G 0% /proc/scsi tmpfs 1.9G 0 1.9G 0% /sys/firmware
测试卷的数据写入
root@master1:~/yaml# kubectl exec -it busybox -- cp -r /etc /data root@master1:~/yaml# kubectl exec -it busybox -- ls -l /data total 0 drwxr-xr-x 3 root root 148 Jan 7 09:13 etc
验证 k8s node的rbd挂载使用
root@master1:~/yaml# kubectl get pods -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES busybox 1/1 Running 0 23m 10.200.166.164 192.168.100.4 <none> <none>
查看节点对rbd卷的挂载
root@node1:~# mount |grep rbd /dev/rbd0 on /var/lib/kubelet/plugins/kubernetes.io/rbd/mounts/rbd-pool-image-img1 type xfs (rw,relatime,attr2,inode64,logbufs=8,logbsize=64k,sunit=128,swidth=128,noquota) /dev/rbd0 on /var/lib/kubelet/pods/d2fb7d63-3e9d-4105-b5c4-d234e287ca5b/volumes/kubernetes.io~rbd/rbd-data1 type xfs (rw,relatime,attr2,inode64,logbufs=8,logbsize=64k,sunit=128,swidth=128,noquota) root@node1:~# lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT loop0 7:0 0 55.6M 1 loop /snap/core18/2566 loop1 7:1 0 55.6M 1 loop /snap/core18/2667 loop2 7:2 0 67.8M 1 loop /snap/lxd/22753 loop3 7:3 0 49.6M 1 loop /snap/snapd/17883 loop4 7:4 0 63.3M 1 loop /snap/core20/1778 loop5 7:5 0 63.2M 1 loop /snap/core20/1623 loop6 7:6 0 91.9M 1 loop /snap/lxd/24061 sda 8:0 0 50G 0 disk ©À©¤sda1 8:1 0 1M 0 part ©À©¤sda2 8:2 0 800M 0 part /boot ©¸©¤sda3 8:3 0 49.2G 0 part / sr0 11:0 1 1.2G 0 rom rbd0 252:0 0 3G 0 disk /var/lib/kubelet/pods/8e608e5d-445c-4257-ae8e-9069756f182b/volumes/kubernetes.io~rbd/rbd-data1 root@node1:~# rbd showmapped id pool namespace image snap device 0 rbd-pool img1 - /dev/rbd0
2、通过deployment 引用rbd
1、部署nginx
root@master1:~/yaml# cat nginx-rbd.yaml apiVersion: apps/v1 kind: Deployment metadata: name: nginx-deployment spec: replicas: 1 selector: matchLabels: app: nginx-rbd template: metadata: labels: app: nginx-rbd spec: containers: - name: nginx-rbd image: nginx ports: - containerPort: 80 imagePullPolicy: IfNotPresent volumeMounts: - name: rbd-data1 mountPath: /data volumes: - name: rbd-data1 rbd: monitors: - '192.168.100.35:6789' - '192.168.100.36:6789' - '192.168.100.37:6789' pool: rbd-pool image: img1 fsType: xfs readOnly: false user: lxh keyring: /etc/ceph/ceph.client.lxh.keyring root@master1:~/yaml# kubectl apply -f nginx-rbd.yaml
查看 pod 具体挂载使用rbd
root@master1:~/yaml# kubectl exec -it nginx-deployment-69466b449f-xbszn -- df -h /data Filesystem Size Used Avail Use% Mounted on /dev/rbd0 3.0G 55M 3.0G 2% /data root@master1:~/yaml# kubectl exec -it nginx-deployment-69466b449f-xbszn -- mount|grep rbd /dev/rbd0 on /data type xfs (rw,relatime,attr2,inode64,logbufs=8,logbsize=64k,sunit=128,swidth=128,noquota) root@master1:~/yaml# kubectl exec -it nginx-deployment-69466b449f-xbszn -- ls -l /data total 0 drwxr-xr-x 3 root root 148 Jan 7 09:13 etc
2、部署mysql
root@master1:~/yaml# cat mysql-rbd.yaml apiVersion: apps/v1 kind: Deployment metadata: name: mysql-deployment spec: replicas: 1 selector: matchLabels: app: mysql template: metadata: labels: app: mysql spec: containers: - name: mysql image: mysql:5.7.31 env: - name: MYSQL_ROOT_PASSWORD value: root123456 ports: - containerPort: 80 volumeMounts: - name: rbd-data1 mountPath: /var/lib/mysql volumes: - name: rbd-data1 rbd: monitors: - '192.168.100.35:6789' - '192.168.100.36:6789' - '192.168.100.37:6789' pool: rbd-pool image: img1 fsType: xfs readOnly: false user: lxh keyring: /etc/ceph/ceph.client.lxh.keyring root@master1:~/yaml# kubectl apply -f mysql-rbd.yaml
验证mysql deployment 挂载rbd
注意mysql使用的rbd镜像内必须是空的数据,不能包含任何文件在内,mysql初始化需要数据目录为空
root@master1:~/yaml# kubectl get pods NAME READY STATUS RESTARTS AGE mysql-deployment-966ccf6c5-nddw8 1/1 Running 0 6m16s root@master1:~/yaml# kubectl exec -it mysql-deployment-966ccf6c5-nddw8 -- df -h Filesystem Size Used Avail Use% Mounted on overlay 50G 13G 37G 27% / tmpfs 64M 0 64M 0% /dev tmpfs 2.0G 0 2.0G 0% /sys/fs/cgroup shm 64M 0 64M 0% /dev/shm /dev/sda3 50G 13G 37G 27% /etc/hosts /dev/rbd0 3.0G 265M 2.8G 9% /var/lib/mysql tmpfs 3.6G 12K 3.6G 1% /run/secrets/kubernetes.io/serviceaccount tmpfs 2.0G 0 2.0G 0% /proc/acpi tmpfs 2.0G 0 2.0G 0% /proc/scsi tmpfs 2.0G 0 2.0G 0% /sys/firmware root@master1:~/yaml# kubectl exec -it mysql-deployment-966ccf6c5-nddw8 -- mount |grep rbd /dev/rbd0 on /var/lib/mysql type xfs (rw,relatime,attr2,inode64,logbufs=8,logbsize=64k,sunit=128,swidth=128,noquota) root@master1:~/yaml# kubectl exec -it mysql-deployment-966ccf6c5-nddw8 -- ls -l /var/lib/mysql total 188484 -rw-r----- 1 mysql mysql 56 Jan 7 11:10 auto.cnf -rw------- 1 mysql mysql 1680 Jan 7 11:10 ca-key.pem -rw-r--r-- 1 mysql mysql 1112 Jan 7 11:10 ca.pem -rw-r--r-- 1 mysql mysql 1112 Jan 7 11:10 client-cert.pem -rw------- 1 mysql mysql 1676 Jan 7 11:10 client-key.pem -rw-r----- 1 mysql mysql 1353 Jan 7 11:10 ib_buffer_pool -rw-r----- 1 mysql mysql 50331648 Jan 7 11:10 ib_logfile0 -rw-r----- 1 mysql mysql 50331648 Jan 7 11:09 ib_logfile1 -rw-r----- 1 mysql mysql 79691776 Jan 7 11:10 ibdata1 -rw-r----- 1 mysql mysql 12582912 Jan 7 11:10 ibtmp1 drwxr-x--- 2 mysql mysql 4096 Jan 7 11:10 mysql drwxr-x--- 2 mysql mysql 8192 Jan 7 11:10 performance_schema -rw------- 1 mysql mysql 1676 Jan 7 11:10 private_key.pem -rw-r--r-- 1 mysql mysql 452 Jan 7 11:10 public_key.pem -rw-r--r-- 1 mysql mysql 1112 Jan 7 11:10 server-cert.pem -rw------- 1 mysql mysql 1680 Jan 7 11:10 server-key.pem drwxr-x--- 2 mysql mysql 8192 Jan 7 11:10 sys
通过 secret 挂载 rbd
将 ceph keying 文件 先定义为 k8s 的 secret,然后再挂载至 pod,每个 k8s node 节点就不再需要分发使用 keyring 文件
创建 secret
首先要创建 secret,secret 中主要就是包含 ceph 中被授权用户 keyrin 文件中的 key,需要将 key 内容通过 base64 编码后即可创建 secret。
将 key 进行编码
将key输出
cephadmin@ceph-deploy:~/ceph-cluster$ ceph auth print-key client.lxh AQCnFLljFWClJhAAd4KL0bCunpP8wMY04vc41Q==
将key进行 base64 编码
cephadmin@ceph-deploy:~/ceph-cluster$ ceph auth print-key client.lxh|base64 QVFDbkZMbGpGV0NsSmhBQWQ0S0wwYkN1bnBQOHdNWTA0dmM0MVE9PQ==
创建secret,将编码后的ceph keyring复制到yaml中
apiVersion: v1 kind: Secret metadata: name: ceph-secret-lxh-keying type: "kubernetes.io/rbd" data: key: QVFDbkZMbGpGV0NsSmhBQWQ0S0wwYkN1bnBQOHdNWTA0dmM0MVE9PQ==
创建secret
root@master1:~/yaml# kubectl apply -f client-lxh-secret.yaml secret/ceph-secret-lxh-keying created root@master1:~/yaml# kubectl get secrets NAME TYPE DATA AGE ceph-secret-lxh-keying kubernetes.io/rbd 1 6s
创建deployment
创建secret后,编辑pod yaml 使用secret替代 keyring 文件
root@master1:~/yaml# cat nginx-secret.yaml apiVersion: apps/v1 kind: Deployment metadata: name: nginx-deployment spec: replicas: 1 selector: matchLabels: app: nginx template: metadata: labels: app: nginx spec: containers: - name: nginx image: nginx imagePullPolicy: IfNotPresent ports: - containerPort: 80 volumeMounts: - name: rbd-data1 mountPath: /usr/share/nginx/html/rbd #指定将volumes挂载路径 volumes: - name: rbd-data1 rbd: monitors: - '192.168.100.35:6789' - '192.168.100.36:6789' - '192.168.100.37:6789' pool: rbd-pool image: img1 fsType: xfs readOnly: false user: lxh #指定ceph 认证用户名称 secretRef: name: ceph-secret-lxh-keying #指定ceph-keyring创建的secret名称 root@master1:~/yaml# kubectl apply -f nginx-secret.yaml
验证pod 挂载rbd
root@master1:~/yaml# kubectl get pods NAME READY STATUS RESTARTS AGE nginx-deployment-8554645cd6-z55zw 1/1 Running 0 4m34s root@master1:~/yaml# kubectl exec -it nginx-deployment-8554645cd6-z55zw -- df -h Filesystem Size Used Avail Use% Mounted on overlay 50G 12G 38G 24% / tmpfs 64M 0 64M 0% /dev tmpfs 2.0G 0 2.0G 0% /sys/fs/cgroup shm 64M 0 64M 0% /dev/shm /dev/sda3 50G 12G 38G 24% /etc/hosts tmpfs 3.6G 12K 3.6G 1% /run/secrets/kubernetes.io/serviceaccount /dev/rbd0 3.0G 253M 2.8G 9% /usr/share/nginx/html/rbd tmpfs 2.0G 0 2.0G 0% /proc/acpi tmpfs 2.0G 0 2.0G 0% /proc/scsi tmpfs 2.0G 0 2.0G 0% /sys/firmware
验证挂载文件
root@master1:~/yaml# kubectl exec -it nginx-deployment-8554645cd6-z55zw -- ls -l /usr/share/nginx/html/rbd
验证 k8s 节点 挂载
root@master1:~/yaml# kubectl get pods -o wide
root@node2:~# rbd showmapped
动态存储卷供给
要求 k8s 集群采用二进制方式部署
https://github.com/kubernetes/kubernetes/issues/38923
存储卷可以通过 kube-controller-manager 组件动态创建,适用于有状态服务需要多个存储卷的场合。
1、将 ceph admin 用户 key 文件定义为 k8s secret,用于 k8s 调用 ceph admin 权限动态创建存储卷,即不再需要提前创建好 image 而是 k8s 在需要使用的时候再调用 ceph 创建。
2、k8s再使用普通用户secret 进行挂载rbd。
创建 admin 用户 secret
获取ceph admin 用户 secret
cephadmin@ceph-deploy:~/ceph-cluster$ ceph auth print-key client.admin |base64 QVFBQW5GTmphM1FlQkJBQWo0ZXZJNXNuajJVRmpqdDFYK01zb0E9PQ==
编辑 ceph admin 用户 k8s secret 文件内容并创建 sectet
root@master1:~/yaml# cat ceph-admin-secret.yaml apiVersion: v1 kind: Secret metadata: name: ceph-admin-secret type: "kubernetes.io/rbd" data: key: QVFBQW5GTmphM1FlQkJBQWo0ZXZJNXNuajJVRmpqdDFYK01zb0E9PQ== root@master1:~/yaml# kubectl apply -f ceph-admin-secret.yaml
验证创建secret
root@master1:~/yaml# kubectl get secrets NAME TYPE DATA AGE ceph-admin-secret kubernetes.io/rbd 1 6s ceph-secret-lxh-keying kubernetes.io/rbd 1 2m24s
创建普通用户secret
重复参考admin用户的secret方式《创建secret》
创建存储类
创建动态存储类,为 pod 提供动态 pvc
root@master1:~/yaml# cat ceph-storage-class.yaml apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: ceph-storage-class namespace: ceph annotations: storageclass.kubernetes.io/is-default-class: "false" #不将该存储类设置为k8s默认存储类 provisioner: kubernetes.io/rbd parameters: monitors: 192.168.100.35:6789,192.168.100.36:6789,192.168.100.37:6789 #指定ceph监控地址和监控服务端口 adminId: admin #指定ceph admin账户 adminSecretName: ceph-admin-secret #指定 ceph-admin账户的secret adminSecretNamespace: ceph #指定 ceph-admin secret 所在的namespace pool: rbd-pool #指定存储池 userId: lxh #指定普通用户,用于挂载rbd userSecretName: ceph-secret-lxh-keying #指定普通用户的secret root@master1:~/yaml# kubectl apply -f ceph-storage-class.yaml
验证
root@master1:~/yaml# kubectl get sc NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE ceph-storage-class kubernetes.io/rbd Delete Immediate false 10s
创建基于存储类的 PVC
root@master1:~/yaml# cat mysql-pvc.yaml apiVersion: v1 kind: PersistentVolumeClaim metadata: name: mysql-pvc namespace: ceph spec: accessModes: - ReadWriteOnce #设置pvc存储的权限为rwo,只允许同时一个pod可以读写访问。 storageClassName: ceph-storage-class #指定ceph的存储类 resources: requests: storage: '5Gi' root@master1:~/yaml# kubectl apply -f mysql-pvc.yaml persistentvolumeclaim/mysql-pvc created
验证pvc
root@master1:~/yaml# kubectl get pvc root@master1:~/yaml# kubectl get pv
验证ceph是否自动创建image
cephadmin@ceph-deploy:~/ceph-cluster$ rbd ls --pool rbd-pool
创建应用pod验证
创建mysql deployment
root@master1:~/yaml# cat mysql-sc-pvc.yaml apiVersion: apps/v1 kind: Deployment metadata: name: mysql spec: selector: matchLabels: app: mysql strategy: type: Recreate template: metadata: labels: app: mysql spec: containers: - image: mysql:5.7.31 name: mysql env: # Use secret in real usage - name: MYSQL_ROOT_PASSWORD value: root123456 ports: - containerPort: 3306 name: mysql volumeMounts: - name: mysql-persistent-storage mountPath: /var/lib/mysql volumes: - name: mysql-persistent-storage persistentVolumeClaim: claimName: mysql-pvc --- kind: Service apiVersion: v1 metadata: labels: app: mysql-service-label name: mysql-service spec: type: NodePort ports: - name: http port: 3306 protocol: TCP targetPort: 3306 nodePort: 33306 selector: app: mysql root@master1:~/yaml# kubectl apply -f mysql-sc-pvc.yaml deployment.apps/mysql created service/mysql-service created
验证 mysql pod
首次部署,会出现数据目录已存在文件,需要将目录清空文件。定位找到该pod的k8s 节点上手动清空目录
找到目录,清空
删除 mysql pod,触发deployment重新创建 mysql pod
验证访问mysql pod,查看service暴露的宿主机端口
root@master1:~/yaml# kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE mysql-service NodePort 10.100.56.161 <none> 3306:33306/TCP 7m19s
新建数据库,并插入表数据
删除 mysql pod,Deployment 会重新创建一个 pod,验证数据库在 ceph rbd 卷的持久化存储
重新连接 mysql,验证数据
cephfs结合k8s使用案例
k8s 中的 pod 挂载 ceph 的 cephfs 共享存储,实现业务中数据共享、持久化、高性能、高可用的目的。cephfs 支持多个服务实例同时使用和挂载。
创建 普通用户 secret
参考创建ceph admin用户的步骤
并将创建的用户key进行base64编码
cephadmin@ceph-deploy:~/ceph-cluster$ ceph auth print-key client.lxhfs|base64 QVFCaXBZNWo5WHdxQlJBQUIwOWUxd2JDcHpvSGJ0SkhNZkxKbEE9PQ==
创建secret yaml
root@master1:~/yaml# vim ceph-cephfs-lxhfs-secret.yaml apiVersion: v1 kind: Secret metadata: name: ceph-secret-lxhfs-keying type: "kubernetes.io/rbd" data: key: QVFCaXBZNWo5WHdxQlJBQUIwOWUxd2JDcHpvSGJ0SkhNZkxKbEE9PQ==
创建secret 并验证
root@master1:~/yaml# kubectl apply -f ceph-cephfs-lxhfs-secret.yaml secret/ceph-secret-lxhfs-keying created root@master1:~/yaml# kubectl get secrets NAME TYPE DATA AGE ceph-admin-secret kubernetes.io/rbd 1 147m ceph-secret-lxh-keying kubernetes.io/rbd 1 145m ceph-secret-lxhfs-keying kubernetes.io/rbd 1 3s
创建应用
编辑应用yaml,添加 deployment和 service
root@master1:~/yaml# cat nginx-cephfs.yaml apiVersion: apps/v1 kind: Deployment metadata: name: nginx-deployment spec: replicas: 3 #指定副本数为3 selector: matchLabels: #rs or deployment app: nginx template: metadata: labels: app: nginx spec: containers: - name: nginx image: nginx ports: - containerPort: 80 imagePullPolicy: IfNotPresent volumeMounts: - name: staticdata-cephfs mountPath: /usr/share/nginx/html/cephfs volumes: - name: staticdata-cephfs cephfs: monitors: #指定ceph 监控的地址和服务端口 - '192.168.100.35:6789' - '192.168.100.36:6789' - '192.168.100.37:6789' path: / user: lxhfs #指定ceph fs的认证用户 secretRef: name: ceph-secret-lxhfs-keying #指定创建的k8s的cephfs用户secret --- kind: Service apiVersion: v1 metadata: labels: app: nginx-service name: nginx-service spec: type: NodePort ports: - name: http port: 80 protocol: TCP targetPort: 80 nodePort: 33380 selector: app: nginx
创建 deployment 并验证 pods
root@master1:~/yaml# kubectl apply -f nginx-cephfs.yaml deployment.apps/nginx-deployment created service/nginx-service created root@master1:~/yaml# kubectl get pods NAME READY STATUS RESTARTS AGE nginx-deployment-5db48bbc6c-44nr5 1/1 Running 0 4s nginx-deployment-5db48bbc6c-bz7md 1/1 Running 0 4s nginx-deployment-5db48bbc6c-vv7bp 1/1 Running 0 4s root@master1:~/yaml# kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE nginx-service NodePort 10.100.224.126 <none> 80:33380/TCP
验证多个pod副本挂载cephfs
root@master1:~/yaml# kubectl get pods NAME READY STATUS RESTARTS AGE nginx-deployment-5db48bbc6c-44nr5 1/1 Running 0 5m44s nginx-deployment-5db48bbc6c-bz7md 1/1 Running 0 5m44s nginx-deployment-5db48bbc6c-vv7bp 1/1 Running 0 5m44s root@master1:~/yaml# kubectl exec -it nginx-deployment-5db48bbc6c-44nr5 -- df -h|grep cephfs 192.168.100.35:6789,192.168.100.36:6789,192.168.100.37:6789:/ 380G 0 380G 0% /usr/share/nginx/html/cephfs root@master1:~/yaml# kubectl exec -it nginx-deployment-5db48bbc6c-bz7md -- df -h|grep cephfs 192.168.100.35:6789,192.168.100.36:6789,192.168.100.37:6789:/ 380G 0 380G 0% /usr/share/nginx/html/cephfs root@master1:~/yaml# kubectl exec -it nginx-deployment-5db48bbc6c-vv7bp -- df -h|grep cephfs 192.168.100.35:6789,192.168.100.36:6789,192.168.100.37:6789:/ 380G 0 380G 0% /usr/share/nginx/html/cephfs
单实例客户端挂载并添加共享文件
单节点客户端挂载参考步骤:cephfs的部署和使用
首先验证访问nginx
根据k8s创建的svc暴露的nodeport端口访问验证
验证客户端挂载
客户端创建静态页面
在k8spod中验证是否同步创建文件
访问nginx页面 URI:cephfs/index.html
本文来自博客园,作者:PunchLinux,转载请注明原文链接:https://www.cnblogs.com/punchlinux/p/17073260.html
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 分享4款.NET开源、免费、实用的商城系统
· 全程不用写代码,我用AI程序员写了一个飞机大战
· MongoDB 8.0这个新功能碉堡了,比商业数据库还牛
· 白话解读 Dapr 1.15:你的「微服务管家」又秀新绝活了
· 记一次.NET内存居高不下排查解决与启示