docker kubernetes部署cephcsi链接外部ceph

一、Ceph CIS 介绍

1.1 功能介绍

Ceph Container Storage Interface（ceph CSI）是 Ceph 存储集群提供给 Kubernetes 的一种插件式接口，用于 Kubernetes 中动态配置和管理 Ceph 存储。

CSI 是 Kubernetes 的第三方存储插件，为 Kubernetes 集群中运行的 Pod 提供了直接访问 Ceph 存储集群的能力。通过 CSI 接口，Kubernetes 用户可以使用 Ceph 存储集群作为 Kubernetes 集群中的持久化存储，而不需要深入了解 Ceph 存储集群的底层实现。

1.2 工作原理：

Kubernetes 用户需要通过 CSI 接口在 Kubernetes 集群中创建一个 PersistentVolumeClaim（PVC），并指定所需的存储容量和其他相关参数。Kubernetes 会将 PVC 转换成 CSI NodePublishRequest，并发送到 CSI 插件。CSI 插件会将 NodePublishRequest 转换成 Ceph 存储集群中的 API 请求，并将结果返回给 Kubernetes。Kubernetes 将结果转换成 CSI NodePublishResponse，并将其发送到 Node 上运行的 CSI 插件。CSI 插件会将 NodePublishResponse 转换成 Ceph 存储集群中的 API 请求，并将结果返回给 Kubernetes。

通过 CSI 接口，用户可以方便地在 Kubernetes 集群中使用 Ceph 存储集群，从而为 Kubernetes 应用程序提供持久化数据存储。同时，CSI 还提供了一系列的安全机制和管理功能，使 Kubernetes 用户可以更加灵活地管理和配置 Ceph 存储集群。

1.3 主要作用

配置管理 - Ceph CIS允许管理员在集群中配置和管理Ceph存储集群的各种操作。通过CIS，管理员可以执行诸如添加/删除/更新OSD（对象存储设备）、创建/删除CRUSH图等操作。监控 - Ceph CIS提供了对Ceph存储集群的实时监控功能。它可以帮助管理员跟踪集群的使用情况、性能瓶颈以及故障状态。故障排除 - Ceph CIS允许管理员检查集群各个组件的状态，以便快速发现和修复故障。例如，如果某个OSD停止工作，管理员可以使用CIS来诊断和解决该问题。性能优化 - Ceph CIS可以收集并分析Ceph集群的性能数据，以便管理员进行优化。通过CIS，管理员可以了解集群中每个组件的负载情况，以及哪些操作可能会影响集群的性能。

总之，Ceph CIS是Ceph存储集群的重要组成部分，它可以帮助管理员轻松地管理、监控和维护整个集群，确保其高可用性和高性能。

二、部署Ceph CIS插件

ceph集群部署镜像下载本站镜像下载

docker pull quay.io/k8scsi/csi-resizer:v1.1.0

docker pull quay.io/k8scsi/csi-attacher:v3.1.0

docker pull quay.io/k8scsi/csi-node-driver-registrar:v2.1.0

docker pull quay.io/k8scsi/csi-provisioner:v2.1.0

docker pull quay.io/k8scsi/csi-snapshotter:v3.0.3

docker pull quay.io/cephcsi/cephcsi:v3.2.0

2.1 创建Namespace

apiVersion: v1

kind: Namespace

metadata:

labels:

kubernetes.io/metadata.name: cephcsi

2.2 创建ConfigMap

apiVersion: v1

kind: ConfigMap

metadata:

namespace: cephcsi

labels:

addonmanager.kubernetes.io/mode: Reconcile

data:

config.json: |-

[{"clusterID":"92bdd53a-c560-42ea-aecd-056c94808f17","monitors":["192.168.17.50:6789","192.168.17.60:6789","192.168.17.70:6789"],"cephFS":{}}]

# 以上配置信息

ceph mon dump

dumped monmap epoch 3

epoch 3

fsid 92bdd53a-c560-42ea-aecd-056c94808f17 # clusterID

last_changed 2023-04-11 16:44:54.723870

created 2023-04-11 16:43:36.126758

min_mon_release 14 (nautilus)

0: [v2:192.168.17.50:3300/0,v1:192.168.17.50:6789/0] mon.node50 #192.168.17.50:6789地址

1: [v2:192.168.17.60:3300/0,v1:192.168.17.60:6789/0] mon.node60

2: [v2:192.168.17.70:3300/0,v1:192.168.17.70:6789/0] mon.node70

2.3 创建Secret

apiVersion: v1

kind: Secret

metadata:

namespace: cephcsi

data:

adminID: admin

adminKey: AQC4HTVkrEaTJxAAsj16ACmuxiDCmlSDEmkInA==

userID: admin

userKey: AQC4HTVkrEaTJxAAsj16ACmuxiDCmlSDEmkInA==

# 获取admin用户的AdminKey，执行指令

ceph auth get client.admin

exported keyring for client.admin

[client.admin]

key = AQC4HTVkrEaTJxAAsj16ACmuxiDCmlSDEmkInA== #adminKey和userKey

caps mds = "allow *"

caps mgr = "allow *"

caps mon = "allow *"

caps osd = "allow *"

2.4 创建StorageClass

allowVolumeExpansion: true

apiVersion: storage.k8s.io/v1

kind: StorageClass

metadata:

annotations:

k8s.kuboard.cn/storageType: cephfs_provisioner

parameters:

clusterID: 92bdd53a-c560-42ea-aecd-056c94808f17 #与ConfigMap相同

csi.storage.k8s.io/controller-expand-secret-name: cephfs-secret-ceph

csi.storage.k8s.io/controller-expand-secret-namespace: cephcsi

csi.storage.k8s.io/node-stage-secret-name: cephfs-secret-ceph

csi.storage.k8s.io/node-stage-secret-namespace: cephcsi

csi.storage.k8s.io/provisioner-secret-name: cephfs-secret-ceph

csi.storage.k8s.io/provisioner-secret-namespace: cephcsi

fsName: cephfs

pool: cephfs_pool

provisioner: cephfs.csi.ceph.com

reclaimPolicy: Delete

volumeBindingMode: Immediate

2.5 创建VolumeSnapshotClass

apiVersion: snapshot.storage.k8s.io/v1beta1

deletionPolicy: Delete

driver: cephfs.csi.ceph.com

kind: VolumeSnapshotClass

metadata:

annotations: {}

parameters:

clusterID: 92bdd53a-c560-42ea-aecd-056c94808f17 #与ConfigMap相同

csi.storage.k8s.io/snapshotter-secret-name: cephfs-secret-ceph

csi.storage.k8s.io/snapshotter-secret-namespace: cephcsi

2.6 创建csi-provisioner RBAC

apiVersion: v1

kind: ServiceAccount

metadata:

namespace: cephcsi

---

apiVersion: rbac.authorization.k8s.io/v1

kind: ClusterRole

metadata:

rules:

- apiGroups:

- ''

resources:

- nodes

verbs:

- get

- list

- watch

- apiGroups:

- ''

resources:

- secrets

verbs:

- get

- list

- apiGroups:

- ''

resources:

- events

verbs:

- list

- watch

- create

- update

- patch

- apiGroups:

- ''

resources:

- persistentvolumes

verbs:

- get

- list

- watch

- create

- delete

- patch

- apiGroups:

- ''

resources:

- persistentvolumeclaims

verbs:

- get

- list

- watch

- update

- apiGroups:

- storage.k8s.io

resources:

- storageclasses

verbs:

- get

- list

- watch

- apiGroups:

- snapshot.storage.k8s.io

resources:

- volumesnapshots

verbs:

- get

- list

- apiGroups:

- snapshot.storage.k8s.io

resources:

- volumesnapshotcontents

verbs:

- create

- get

- list

- watch

- update

- delete

- apiGroups:

- snapshot.storage.k8s.io

resources:

- volumesnapshotclasses

verbs:

- get

- list

- watch

- apiGroups:

- storage.k8s.io

resources:

- volumeattachments

verbs:

- get

- list

- watch

- update

- patch

- apiGroups:

- storage.k8s.io

resources:

- volumeattachments/status

verbs:

- patch

- apiGroups:

- ''

resources:

- persistentvolumeclaims/status

verbs:

- update

- patch

- apiGroups:

- storage.k8s.io

resources:

- csinodes

verbs:

- get

- list

- watch

- apiGroups:

- snapshot.storage.k8s.io

resources:

- volumesnapshotcontents/status

verbs:

- update

---

apiVersion: rbac.authorization.k8s.io/v1

kind: ClusterRoleBinding

metadata:

roleRef:

apiGroup: rbac.authorization.k8s.io

kind: ClusterRole

subjects:

- kind: ServiceAccount

namespace: cephcsi

---

apiVersion: rbac.authorization.k8s.io/v1

kind: Role

metadata:

namespace: cephcsi

rules:

- apiGroups:

- ''

resources:

- configmaps

verbs:

- get

- list

- create

- delete

- apiGroups:

- coordination.k8s.io

resources:

- leases

verbs:

- get

- watch

- list

- delete

- update

- create

---

apiVersion: rbac.authorization.k8s.io/v1

kind: RoleBinding

metadata:

namespace: cephcsi

roleRef:

apiGroup: rbac.authorization.k8s.io

kind: Role

subjects:

- kind: ServiceAccount

namespace: cephcsi

---

apiVersion: rbac.authorization.k8s.io/v1

kind: Role

metadata:

namespace: cephcsi

rules:

- apiGroups:

- policy

resourceNames:

- cephfs-csi-provisioner-psp

resources:

- podsecuritypolicies

verbs:

- use

---

apiVersion: rbac.authorization.k8s.io/v1

kind: RoleBinding

metadata:

namespace: cephcsi

roleRef:

apiGroup: rbac.authorization.k8s.io

kind: Role

subjects:

- kind: ServiceAccount

namespace: cephcsi

2.7 创建nodepluginRBAC

---

apiVersion: v1

kind: ServiceAccount

metadata:

namespace: cephcsi

---

apiVersion: rbac.authorization.k8s.io/v1

kind: ClusterRole

metadata:

rules:

- apiGroups:

- ''

resources:

- nodes

verbs:

- get

---

apiVersion: rbac.authorization.k8s.io/v1

kind: ClusterRoleBinding

metadata:

roleRef:

apiGroup: rbac.authorization.k8s.io

kind: ClusterRole

subjects:

- kind: ServiceAccount

namespace: cephcsi

---

apiVersion: rbac.authorization.k8s.io/v1

kind: Role

metadata:

namespace: cephcsi

rules:

- apiGroups:

- policy

resourceNames:

- cephfs-csi-nodeplugin-psp

resources:

- podsecuritypolicies

verbs:

- use

---

apiVersion: rbac.authorization.k8s.io/v1

kind: RoleBinding

metadata:

namespace: cephcsi

roleRef:

apiGroup: rbac.authorization.k8s.io

kind: Role

subjects:

- kind: ServiceAccount

namespace: cephcsi

2.8 创建provisioner Service

---

apiVersion: v1

kind: Service

metadata:

labels:

app: csi-metrics

namespace: cephcsi

spec:

ports:

- name: http-metrics

port: 8080

protocol: TCP

targetPort: 8681

selector:

app: csi-cephfsplugin-provisioner

2.9 创建cephfsplugin Service

---

apiVersion: v1

kind: Service

metadata:

labels:

app: csi-metrics

spec:

ports:

- name: http-metrics

port: 8080

protocol: TCP

targetPort: 8681

selector:

app: csi-cephfsplugin

2.9 创建provisioner Deployment

---

apiVersion: apps/v1

kind: Deployment

metadata:

namespace: cephcsi

spec:

replicas: 2

selector:

matchLabels:

app: csi-cephfsplugin-provisioner

template:

metadata:

labels:

app: csi-cephfsplugin-provisioner

spec:

affinity:

podAntiAffinity:

requiredDuringSchedulingIgnoredDuringExecution:

- labelSelector:

matchExpressions:

- key: app

operator: In

values:

- csi-cephfsplugin-provisioner

topologyKey: kubernetes.io/hostname

containers:

- args:

- '--csi-address=$(ADDRESS)'

- '--v=5'

- '--timeout=150s'

- '--leader-election=true'

- '--retry-interval-start=500ms'

- '--feature-gates=Topology=false'

env:

- name: ADDRESS

value: 'unix:///csi/csi-provisioner.sock'

image: 'csi-provisioner:v2.1.0'

imagePullPolicy: IfNotPresent

volumeMounts:

- mountPath: /csi

- args:

- '--csi-address=$(ADDRESS)'

- '--v=5'

- '--timeout=150s'

- '--leader-election'

- '--retry-interval-start=500ms'

- '--handle-volume-inuse-error=false'

env:

- name: ADDRESS

value: 'unix:///csi/csi-provisioner.sock'

image: 'csi-resizer:v1.1.0'

imagePullPolicy: IfNotPresent

volumeMounts:

- mountPath: /csi

- args:

- '--csi-address=$(ADDRESS)'

- '--v=5'

- '--timeout=150s'

- '--leader-election=true'

env:

- name: ADDRESS

value: 'unix:///csi/csi-provisioner.sock'

image: 'csi-snapshotter:v3.0.3'

imagePullPolicy: IfNotPresent

securityContext:

privileged: true

volumeMounts:

- mountPath: /csi

- args:

- '--v=5'

- '--csi-address=$(ADDRESS)'

- '--leader-election=true'

- '--retry-interval-start=500ms'

env:

- name: ADDRESS

value: /csi/csi-provisioner.sock

image: 'csi-attacher:v3.1.0'

imagePullPolicy: IfNotPresent

volumeMounts:

- mountPath: /csi

- args:

- '--nodeid=$(NODE_ID)'

- '--type=cephfs'

- '--controllerserver=true'

- '--endpoint=$(CSI_ENDPOINT)'

- '--v=5'

- '--drivername=cephfs.csi.ceph.com'

- '--pidlimit=-1'

env:

- name: POD_IP

valueFrom:

fieldRef:

fieldPath: status.podIP

- name: NODE_ID

valueFrom:

fieldRef:

fieldPath: spec.nodeName

- name: CSI_ENDPOINT

value: 'unix:///csi/csi-provisioner.sock'

image: 'cephcsi:v3.2.0'

imagePullPolicy: IfNotPresent

securityContext:

capabilities:

add:

- SYS_ADMIN

privileged: true

volumeMounts:

- mountPath: /csi

- mountPath: /sys

- mountPath: /lib/modules

readOnly: true

- mountPath: /dev

- mountPath: /etc/ceph-csi-config/

- mountPath: /tmp/csi/keys

- args:

- '--type=liveness'

- '--endpoint=$(CSI_ENDPOINT)'

- '--metricsport=8681'

- '--metricspath=/metrics'

- '--polltime=60s'

- '--timeout=3s'

env:

- name: CSI_ENDPOINT

value: 'unix:///csi/csi-provisioner.sock'

- name: POD_IP

valueFrom:

fieldRef:

fieldPath: status.podIP

image: 'cephcsi:v3.2.0'

imagePullPolicy: IfNotPresent

volumeMounts:

- mountPath: /csi

serviceAccount: cephfs-csi-provisioner

volumes:

- emptyDir:

medium: Memory

- hostPath:

path: /sys

- hostPath:

path: /lib/modules

- hostPath:

path: /dev

- configMap:

- emptyDir:

medium: Memory

2.10 创建cephfsplugin DaemonSet

---

apiVersion: apps/v1

kind: DaemonSet

metadata:

namespace: cephcsi

spec:

selector:

matchLabels:

app: csi-cephfsplugin

template:

metadata:

labels:

app: csi-cephfsplugin

spec:

containers:

- args:

- '--v=5'

- '--csi-address=/csi/csi.sock'

- >-

--kubelet-registration-path=/var/lib/kubelet/plugins/cephfs.csi.ceph.com/csi.sock

env:

- name: KUBE_NODE_NAME

valueFrom:

fieldRef:

fieldPath: spec.nodeName

image: 'csi-node-driver-registrar:v2.1.0'

securityContext:

privileged: true

volumeMounts:

- mountPath: /csi

- mountPath: /registration

- args:

- '--nodeid=$(NODE_ID)'

- '--type=cephfs'

- '--nodeserver=true'

- '--endpoint=$(CSI_ENDPOINT)'

- '--v=5'

- '--drivername=cephfs.csi.ceph.com'

env:

- name: POD_IP

valueFrom:

fieldRef:

fieldPath: status.podIP

- name: NODE_ID

valueFrom:

fieldRef:

fieldPath: spec.nodeName

- name: CSI_ENDPOINT

value: 'unix:///csi/csi.sock'

image: 'cephcsi:v3.2.0'

imagePullPolicy: IfNotPresent

securityContext:

allowPrivilegeEscalation: true

capabilities:

add:

- SYS_ADMIN

privileged: true

volumeMounts:

- mountPath: /csi

- mountPath: /var/lib/kubelet/pods

mountPropagation: Bidirectional

- mountPath: /var/lib/kubelet/plugins

mountPropagation: Bidirectional

- mountPath: /sys

- mountPath: /lib/modules

readOnly: true

- mountPath: /dev

- mountPath: /run/mount

- mountPath: /etc/ceph-csi-config/

- mountPath: /tmp/csi/keys

- args:

- '--type=liveness'

- '--endpoint=$(CSI_ENDPOINT)'

- '--metricsport=8681'

- '--metricspath=/metrics'

- '--polltime=60s'

- '--timeout=3s'

env:

- name: CSI_ENDPOINT

value: 'unix:///csi/csi.sock'

- name: POD_IP

valueFrom:

fieldRef:

fieldPath: status.podIP

image: 'cephcsi:v3.2.0'

imagePullPolicy: IfNotPresent

securityContext:

privileged: true

volumeMounts:

- mountPath: /csi

dnsPolicy: ClusterFirstWithHostNet

hostNetwork: true

serviceAccount: cephfs-csi-nodeplugin

tolerations:

- effect: ''

key: node-role.kubernetes.io/master

operator: Exists

volumes:

- hostPath:

path: /var/lib/kubelet/plugins/cephfs.csi.ceph.com/

type: DirectoryOrCreate

- hostPath:

path: /var/lib/kubelet/plugins_registry/

type: Directory

- hostPath:

path: /var/lib/kubelet/pods

type: DirectoryOrCreate

- hostPath:

path: /var/lib/kubelet/plugins

type: Directory

- hostPath:

path: /sys

- hostPath:

path: /lib/modules

- hostPath:

path: /dev

- hostPath:

path: /run/mount

- configMap:

- emptyDir:

medium: Memory

2.11 创建名称为rabbitmq数据卷

---

metadata:

annotations:

k8s.kuboard.cn/pvcType: Dynamic

namespace: default # 需要用到的命名空间

spec:

accessModes:

- ReadWriteMany

resources:

requests:

storage: 5Gi

storageClassName: ceph

2.12 部署使用使用

# pod的volumes字段声明

volumes:

- name: rabbitmq

persistentVolumeClaim:

claimName: rabbitmq-ceph

# 在容器内使用

volumeMounts:

- mountPath: /data

精彩内容

评论可见，请评论后查看内容，谢谢！！！评论后请刷新页面。

夸智网

docker kubernetes部署cephcsi链接外部ceph

运维 Docker的基本操作——容器操作

人工智能 chatgpt ai microsoft 今天起，Windows可以一键召唤GPT-4了

发表评论取消回复

夸智网

docker kubernetes部署cephcsi链接外部ceph

运维 Docker的基本操作——容器操作

人工智能 chatgpt ai microsoft 今天起，Windows可以一键召唤GPT-4了

相关文章

发表评论取消回复