基于ceph rbd 在kubernetes harbor 空间下创建动态存储

[root@bs-k8s-ceph ~]# ceph osd pool create harbor 128
Error ETIMEDOUT: crush test failed with -110: timed out during smoke test (5 seconds)
//这个问题 我不知道怎么解决   因为过了一小会  就又好了
[root@bs-k8s-ceph ~]# ceph osd pool create harbor 128
pool 'harbor' created
[root@bs-k8s-ceph ceph]# ceph auth get-or-create client.harbor mon 'allow r' osd 'allow class-read, allow rwx pool=harbor' -o ceph.client.harbor.keyring
[root@bs-k8s-ceph ceph]# ceph auth get client.harbor
exported keyring for client.harbor
[client.harbor]
    key = AQDoCklen6e4NxAAVXmy/PG+R5iH8fNzMhk6Jg==
    caps mon = "allow r"
    caps osd = "allow class-read, allow rwx pool=harbor"
    
[root@bs-k8s-node01 ~]# ceph auth get-key client.admin | base64
QVFDNmNVSmV2eU8yRnhBQVBxYzE5Mm5PelNnZk5acmg5aEFQYXc9PQ==
[root@bs-k8s-node01 ~]# ceph auth get-key client.harbor | base64

[root@bs-k8s-master01 ~]# kubectl get nodes
The connection to the server 20.0.0.250:8443 was refused - did you specify the right host or port?
[root@bs-hk-hk01 ~]# systemctl status haproxy
● haproxy.service - HAProxy Load Balancer
   Loaded: loaded (/usr/lib/systemd/system/haproxy.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since 日 2020-02-16 17:16:43 CST; 12min ago
  Process: 1168 ExecStart=/usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/lib/haproxy/haproxy.pid (code=exited, status=134)
 Main PID: 1168 (code=exited, status=134)

2月 15 20:22:54 bs-hk-hk01 haproxy[1168]: [WARNING] 045/202254 (1184) : Server k8s_api_nodes...ue.
2月 15 20:25:15 bs-hk-hk01 haproxy[1168]: [WARNING] 045/202515 (1183) : Server k8s_api_nodes...ue.
2月 15 20:25:15 bs-hk-hk01 haproxy[1168]: [WARNING] 045/202515 (1184) : Server k8s_api_nodes...ue.
2月 15 20:26:03 bs-hk-hk01 haproxy[1168]: [WARNING] 045/202603 (1184) : Server k8s_api_nodes...ue.
2月 15 20:26:03 bs-hk-hk01 haproxy[1168]: [WARNING] 045/202603 (1183) : Server k8s_api_nodes...ue.
2月 15 20:26:13 bs-hk-hk01 haproxy[1168]: [WARNING] 045/202613 (1183) : Server k8s_api_nodes...ue.
2月 15 20:26:13 bs-hk-hk01 haproxy[1168]: [WARNING] 045/202613 (1184) : Server k8s_api_nodes...ue.
2月 16 17:16:43 bs-hk-hk01 systemd[1]: haproxy.service: main process exited, code=exited, st...n/a
2月 16 17:16:44 bs-hk-hk01 systemd[1]: Unit haproxy.service entered failed state.
2月 16 17:16:44 bs-hk-hk01 systemd[1]: haproxy.service failed.
Hint: Some lines were ellipsized, use -l to show in full.

[root@bs-hk-hk01 ~]# systemctl start haproxy
[root@bs-hk-hk01 ~]# systemctl status haproxy
● haproxy.service - HAProxy Load Balancer
   Loaded: loaded (/usr/lib/systemd/system/haproxy.service; enabled; vendor preset: disabled)
   Active: active (running) since 日 2020-02-16 17:30:03 CST; 1s ago
  Process: 4196 ExecStartPre=/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q (code=exited, status=0/SUCCESS)
 Main PID: 4212 (haproxy)
   CGroup: /system.slice/haproxy.service
           ├─4212 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/lib/haproxy/haproxy....
           ├─4216 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/lib/haproxy/haproxy....
           └─4217 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/lib/haproxy/haproxy....

2月 16 17:30:00 bs-hk-hk01 systemd[1]: Starting HAProxy Load Balancer...
2月 16 17:30:03 bs-hk-hk01 systemd[1]: Started HAProxy Load Balancer.
2月 16 17:30:04 bs-hk-hk01 haproxy[4212]: [WARNING] 046/173004 (4212) : config : 'option for...de.
2月 16 17:30:04 bs-hk-hk01 haproxy[4212]: [WARNING] 046/173004 (4212) : config : 'option for...de.
2月 16 17:30:04 bs-hk-hk01 haproxy[4212]: [WARNING] 046/173004 (4212) : Proxy 'stats': in mu...st.
2月 16 17:30:04 bs-hk-hk01 haproxy[4212]: [NOTICE] 046/173004 (4212) : New worker #1 (4216) forked
2月 16 17:30:04 bs-hk-hk01 haproxy[4212]: [NOTICE] 046/173004 (4212) : New worker #2 (4217) forked
Hint: Some lines were ellipsized, use -l to show in full.
[root@bs-hk-hk01 ~]# systemctl enable haproxy

[root@bs-k8s-master01 ~]# kubectl get nodes
NAME              STATUS   ROLES    AGE    VERSION
bs-k8s-master01   Ready    master   7d6h   v1.17.2
bs-k8s-master02   Ready    master   7d6h   v1.17.2
bs-k8s-master03   Ready    master   7d6h   v1.17.2
bs-k8s-node01     Ready    <none>   7d6h   v1.17.2
bs-k8s-node02     Ready    <none>   7d6h   v1.17.2
bs-k8s-node03     Ready    <none>   7d6h   v1.17.2
[root@bs-k8s-master01 ~]# kubectl get pods --all-namespaces 
NAMESPACE     NAME                                        READY   STATUS             RESTARTS   AGE
default       rbd-provisioner-75b85f85bd-8ftdm            1/1     Running            11         7d6h
kube-system   calico-node-4jxbp                           1/1     Running            4          7d6h
kube-system   calico-node-7t9cj                           1/1     Running            7          7d6h
kube-system   calico-node-cchgl                           1/1     Running            14         7d6h
kube-system   calico-node-czj76                           1/1     Running            6          7d6h
kube-system   calico-node-lxb2s                           1/1     Running            14         7d6h
kube-system   calico-node-nmg9t                           1/1     Running            8          7d6h
kube-system   coredns-7f9c544f75-bwx9p                    1/1     Running            4          7d6h
kube-system   coredns-7f9c544f75-q58mr                    1/1     Running            3          7d6h
kube-system   dashboard-metrics-scraper-6b66849c9-qtwzx   1/1     Running            2          7d5h
kube-system   etcd-bs-k8s-master01                        1/1     Running            17         7d6h
kube-system   etcd-bs-k8s-master02                        1/1     Running            7          7d6h
kube-system   etcd-bs-k8s-master03                        1/1     Running            32         7d6h
kube-system   kube-apiserver-bs-k8s-master01              1/1     Running            28         7d6h
kube-system   kube-apiserver-bs-k8s-master02              1/1     Running            15         7d6h
kube-system   kube-apiserver-bs-k8s-master03              1/1     Running            62         7d6h
kube-system   kube-controller-manager-bs-k8s-master01     1/1     Running            32         7d6h
kube-system   kube-controller-manager-bs-k8s-master02     1/1     Running            27         7d6h
kube-system   kube-controller-manager-bs-k8s-master03     1/1     Running            31         7d6h
kube-system   kube-proxy-26ffm                            1/1     Running            3          7d6h
kube-system   kube-proxy-298tr                            1/1     Running            5          7d6h
kube-system   kube-proxy-hzsmb                            1/1     Running            3          7d6h
kube-system   kube-proxy-jb4sq                            1/1     Running            4          7d6h
kube-system   kube-proxy-pt94r                            1/1     Running            4          7d6h
kube-system   kube-proxy-wljwv                            1/1     Running            4          7d6h
kube-system   kube-scheduler-bs-k8s-master01              1/1     Running            32         7d6h
kube-system   kube-scheduler-bs-k8s-master02              1/1     Running            21         7d6h
kube-system   kube-scheduler-bs-k8s-master03              1/1     Running            31         7d6h
kube-system   kubernetes-dashboard-887cbd9c6-j7ptq        1/1     Running            22         7d5h
[root@bs-k8s-master01 harbor]# pwd
/data/k8s/harbor
[root@bs-k8s-master01 rbd]# kubectl apply -f ceph-harbor-namespace.yaml
namespace/harbor created
[root@bs-k8s-master01 rbd]# kubectl get namespaces
NAME              STATUS   AGE
default           Active   7d8h
harbor            Active   16s
kube-node-lease   Active   7d8h
kube-public       Active   7d8h
kube-system       Active   7d8h
[root@bs-k8s-master01 rbd]# cat ceph-harbor-namespace.yaml 
##########################################################################
#Author:                     zisefeizhu
#QQ:                         2********0
#Date:                       2020-02-16
#FileName:                   ceph-harbor-namespace.yaml
#URL:                        https://www.cnblogs.com/zisefeizhu/
#Description:                The test script
#Copyright (C):              2020 All rights reserved
###########################################################################
apiVersion: v1
kind: Namespace
metadata:
  name: harbor
[root@bs-k8s-master01 rbd]# kubectl apply -f external-storage-rbd-provisioner.yaml
serviceaccount/rbd-provisioner created
clusterrole.rbac.authorization.k8s.io/rbd-provisioner unchanged
clusterrolebinding.rbac.authorization.k8s.io/rbd-provisioner configured
role.rbac.authorization.k8s.io/rbd-provisioner created
rolebinding.rbac.authorization.k8s.io/rbd-provisioner created
deployment.apps/rbd-provisioner created
[root@bs-k8s-master01 rbd]# kubectl get pods -n harbor -o wide
NAME                               READY   STATUS    RESTARTS   AGE     IP             NODE            NOMINATED NODE   READINESS GATES
rbd-provisioner-75b85f85bd-dhnr4   1/1     Running   0          3m48s   10.209.46.84   bs-k8s-node01   <none>           <none>
[root@bs-k8s-master01 rbd]# cat external-storage-rbd-provisioner.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: rbd-provisioner
  namespace: harbor
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: rbd-provisioner
rules:
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "create", "delete"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["create", "update", "patch"]
  - apiGroups: [""]
    resources: ["endpoints"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
  - apiGroups: [""]
    resources: ["services"]
    resourceNames: ["kube-dns"]
    verbs: ["list", "get"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: rbd-provisioner
subjects:
  - kind: ServiceAccount
    name: rbd-provisioner
    namespace: harbor
roleRef:
  kind: ClusterRole
  name: rbd-provisioner
  apiGroup: rbac.authorization.k8s.io

---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: rbd-provisioner
  namespace: harbor
rules:
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: rbd-provisioner
  namespace: harbor
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: rbd-provisioner
subjects:
- kind: ServiceAccount
  name: rbd-provisioner
  namespace: harbor

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: rbd-provisioner
  namespace: harbor
spec:
  replicas: 1
  selector:
    matchLabels:
      app: rbd-provisioner
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: rbd-provisioner
    spec:
      containers:
      - name: rbd-provisioner
        image: "quay.io/external_storage/rbd-provisioner:latest"
        env:
        - name: PROVISIONER_NAME
          value: ceph.com/rbd
      serviceAccount: rbd-provisioner
[root@bs-k8s-master01 harbor]# kubectl apply -f ceph-harbor-secret.yaml
secret/ceph-harbor-admin-secret created
secret/ceph-harbor-harbor-secret created
[root@bs-k8s-master01 harbor]# kubectl get secret -n harbor
NAME                          TYPE                                  DATA   AGE
ceph-harbor-admin-secret      kubernetes.io/rbd                     1      23s
ceph-harbor-harbor-secret     kubernetes.io/rbd                     1      23s
default-token-8k9gs           kubernetes.io/service-account-token   3      8m49s
rbd-provisioner-token-mhl29   kubernetes.io/service-account-token   3      5m24s
[root@bs-k8s-master01 harbor]# cat ceph-harbor-secret.yaml 
##########################################################################
#Author:                     zisefeizhu
#QQ:                         2********0
#Date:                       2020-02-16
#FileName:                   ceph-harbor-secret.yaml
#URL:                        https://www.cnblogs.com/zisefeizhu/
#Description:                The test script
#Copyright (C):              2020 All rights reserved
###########################################################################
apiVersion: v1
kind: Secret
metadata:
  name: ceph-harbor-admin-secret
  namespace: harbor
data:
  key: QVFDNmNVSmV2eU8yRnhBQVBxYzE5Mm5PelNnZk5acmg5aEFQYXc9PQ==
type: kubernetes.io/rbd
---
apiVersion: v1
kind: Secret
metadata:
  name: ceph-harbor-harbor-secret
  namespace: harbor
data:
  key: QVFEb0NrbGVuNmU0TnhBQVZYbXkvUEcrUjVpSDhmTnpNaGs2Smc9PQ==
type: kubernetes.io/rbd
[root@bs-k8s-master01 harbor]# kubectl apply -f ceph-harbor-storageclass.yaml
storageclass.storage.k8s.io/ceph-harbor created
[root@bs-k8s-master01 harbor]# kubectl get sc
NAME          PROVISIONER    RECLAIMPOLICY   VOLUMEBINDINGMODE   ALLOWVOLUMEEXPANSION   AGE
ceph-harbor   ceph.com/rbd   Retain          Immediate           false                  11s
ceph-rbd      ceph.com/rbd   Retain          Immediate           false                  25h
[root@bs-k8s-master01 harbor]# cat ceph-harbor-storageclass.yaml
##########################################################################
#Author:                     zisefeizhu
#QQ:                         2********0
#Date:                       2020-02-16
#FileName:                   ceph-harbor-storageclass.yaml
#URL:                        https://www.cnblogs.com/zisefeizhu/
#Description:                The test script
#Copyright (C):              2020 All rights reserved
###########################################################################
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: ceph-harbor
  annotations:
    storageclass.kubernetes.io/is-default-class: "false"
provisioner: ceph.com/rbd
reclaimPolicy: Retain
parameters:
  monitors: 20.0.0.206:6789,20.0.0.207:6789,20.0.0.208:6789
  adminId: admin
  adminSecretName: ceph-harbor-admin-secret
  adminSecretNamespace: harbor
  pool: harbor
  fsType: xfs
  userId: harbor
  userSecretName: ceph-harbor-harbor-secret
  imageFormat: "2"
  imageFeatures: "layering"
[root@bs-k8s-master01 harbor]# kubectl apply -f ceph-harbor-pvc.yaml
persistentvolumeclaim/pvc-ceph-harbor created
wp-pv-claim      Bound    pvc-494a130d-018c-4be3-9b31-e951cc4367a5   20Gi       RWO            ceph-rbd       23h
[root@bs-k8s-master01 harbor]# kubectl get pv -n harbor
NAME                                       CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM                    STORAGECLASS   REASON   AGE
pvc-494a130d-018c-4be3-9b31-e951cc4367a5   20Gi       RWO            Retain           Bound    default/wp-pv-claim      ceph-rbd                23h
pvc-4df6a301-c9f3-4694-8271-d1d0184c00aa   1Gi        RWO            Retain           Bound    harbor/pvc-ceph-harbor   ceph-harbor             6s
pvc-8ffa3182-a2f6-47d9-a71d-ff8e8b379a16   1Gi        RWO            Retain           Bound    default/ceph-pvc         ceph-rbd                26h
pvc-ac7d3a09-123e-4614-886c-cded8822a078   20Gi       RWO            Retain           Bound    default/mysql-pv-claim   ceph-rbd                23h
[root@bs-k8s-master01 harbor]# kubectl get pvc
NAME             STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
ceph-pvc         Bound    pvc-8ffa3182-a2f6-47d9-a71d-ff8e8b379a16   1Gi        RWO            ceph-rbd       26h
mysql-pv-claim   Bound    pvc-ac7d3a09-123e-4614-886c-cded8822a078   20Gi       RWO            ceph-rbd       23h
wp-pv-claim      Bound    pvc-494a130d-018c-4be3-9b31-e951cc4367a5   20Gi       RWO            ceph-rbd       23h
[root@bs-k8s-master01 harbor]# kubectl get pvc -n harbor
NAME              STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
pvc-ceph-harbor   Bound    pvc-4df6a301-c9f3-4694-8271-d1d0184c00aa   1Gi        RWO            ceph-harbor    24s
[root@bs-k8s-master01 harbor]# cat ceph-harbor-pvc.yaml 
##########################################################################
#Author:                     zisefeizhu
#QQ:                         2********0
#Date:                       2020-02-16
#FileName:                   ceph-harbor-pvc.yaml
#URL:                        https://www.cnblogs.com/zisefeizhu/
#Description:                The test script
#Copyright (C):              2020 All rights reserved
###########################################################################
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pvc-ceph-harbor
  namespace: harbor
spec:
  storageClassName: ceph-harbor
  accessModes:
  - ReadWriteOnce
  resources:
    requests: 
      storage: 1Gi

//到此 完成了在harbor 名称空间下创建动态pv

 

posted @ 2020-02-16 19:35  紫色飞猪  阅读(604)  评论(0编辑  收藏  举报