NFS存储、API资源对象StorageClass、Ceph存储-搭建ceph集群和Ceph存储-在k8s里使用ceph（2024-07-16）

一、NFS存储

注意：在做本章节示例时，需要拿单独一台机器来部署NFS，具体步骤略。
NFS作为常用的网络文件系统，在多机之间共享文件的场景下用途广泛，毕竟NFS配置方
便，而且稳定可靠。
NFS同样也有一些缺点：① 存在单点故障的风险；② 不方便扩容；③ 性能一般。
NFS比较适合一些简单的、对存储要求不高的场景，比如测试环境、开发环境。

完整示例：
首先部署好NFS服务，并且保证所有Kubernetes节点可以顺利挂载（showmount -e
192.168.100.160 ）

[root@aminglinux01 ~]# showmount -e 192.168.100.160
Export list for 192.168.100.160:
/root/nfs *
[root@aminglinux01 ~]# 

 定义基于NFS的PV

vi nfs-pv.yaml

[root@aminglinux01 ~]# cat nfs-pv.yaml 
apiVersion: v1
kind: PersistentVolume
metadata:name: nfs-pv
spec:capacity:storage: 5GiaccessModes:- ReadWriteManypersistentVolumeReclaimPolicy: RetainstorageClassName: nfs-storagenfs:path: /data/nfs2server: 192.168.100.160
[root@aminglinux01 ~]# 

定义PVC

vi nfs-pvc.yaml

[root@aminglinux01 ~]# cat nfs-pvc.yaml 
apiVersion: v1
kind: PersistentVolumeClaim
metadata:name: nfs-pvc
spec:storageClassName: nfs-storageaccessModes:- ReadWriteManyresources:requests:storage: 5Gi
[root@aminglinux01 ~]# 
[root@aminglinux01 ~]# kubectl apply -f nfs-pvc.yaml
persistentvolumeclaim/nfs-pvc created
[root@aminglinux01 ~]# 

定义Pod

vi nfs-pod.yaml

[root@aminglinux01 ~]# cat nfs-pod.yaml 
apiVersion: v1
kind: Pod
metadata:name: nfs-pod
spec:containers:- name: nfs-containerimage: nginx:latestvolumeMounts:- name: nfs-storagemountPath: /datavolumes:- name: nfs-storagepersistentVolumeClaim:claimName: nfs-pvc
[root@aminglinux01 ~]# kubectl apply -f nfs-pod.yaml 
pod/nfs-pod created
[root@aminglinux01 ~]# 

[root@aminglinux01 ~]# kubectl describe pod nfs-pod
Name:             nfs-pod
Namespace:        default
Priority:         0
Service Account:  default
Node:             aminglinux03/192.168.100.153
Start Time:       Tue, 16 Jul 2024 17:53:58 +0800
Labels:           <none>
Annotations:      cni.projectcalico.org/containerID: cae85b956d4a3570429db9b11f96d51b258af363c313885d26a9d12ab0715357
                  cni.projectcalico.org/podIP: 10.18.68.176/32
                  cni.projectcalico.org/podIPs: 10.18.68.176/32
Status:           Running
IP:               10.18.68.176
IPs:
  IP:  10.18.68.176
Containers:
  nfs-container:
    Container ID:   containerd://377477b565ff23b752d278289011af378936831a4c9af9f0e3f5aaf6187fed87
    Image:          nginx:latest
    Image ID:       docker.io/library/nginx@sha256:67682bda769fae1ccf5183192b8daf37b64cae99c6c3302650f6f8bf5f0f95df
    Port:           <none>
    Host Port:      <none>
    State:          Running
      Started:      Tue, 16 Jul 2024 18:18:43 +0800
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /data from nfs-storage (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-mtjkr (ro)
Conditions:
  Type              Status
  Initialized       True 
  Ready             True 
  ContainersReady   True 
  PodScheduled      True 
Volumes:
  nfs-storage:
    Type:       PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
    ClaimName:  nfs-pvc
    ReadOnly:   false
  kube-api-access-mtjkr:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   BestEffort
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type     Reason       Age                   From               Message
  ----     ------       ----                  ----               -------
  Normal   Scheduled    32m                   default-scheduler  Successfully assigned default/nfs-pod to aminglinux03
  Warning  FailedMount  10m (x10 over 30m)    kubelet            Unable to attach or mount volumes: unmounted volumes=[nfs-storage], unattached volumes=[nfs-storage kube-api-access-mtjkr]: timed out waiting for the condition
  Warning  FailedMount  9m47s (x19 over 32m)  kubelet            MountVolume.SetUp failed for volume "nfs-pv" : mount failed: exit status 32
Mounting command: mount
Mounting arguments: -t nfs 192.168.100.160:/data/nfs2 /var/lib/kubelet/pods/d89d3ab9-836c-47a0-8b60-c6c953184756/volumes/kubernetes.io~nfs/nfs-pv
Output: mount.nfs: access denied by server while mounting 192.168.100.160:/data/nfs2
[root@aminglinux01 ~]# 
 

二、API资源对象StorageClass

SC的主要作用在于，自动创建PV，从而实现PVC按需自动绑定PV。下面我们通过创建一个基于NFS的SC来演示SC的作用。要想使用NFS的SC，还需要安装一个NFS provisioner，provisioner里会定义NFS相关的信息（服务器IP、共享目录等）
github地址： https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner

将源码下载下来：
git clone https://github.com/kubernetes-sigs/nfs-subdir-externalprovisioner

cd nfs-subdir-external-provisioner/deploy
sed -i 's/namespace: default/namespace: kube-system/' rbac.yaml ##修改命名空间为kube-system
kubectl apply -f rbac.yaml ##创建rbac授权

[root@aminglinux01 ~]# cd nfs-subdir-external-provisioner/deploy
[root@aminglinux01 deploy]# sed -i 's/namespace: default/namespace: kube-system/' rbac.yaml
[root@aminglinux01 deploy]# kubectl apply -f rbac.yaml 
serviceaccount/nfs-client-provisioner unchanged
clusterrole.rbac.authorization.k8s.io/nfs-client-provisioner-runner unchanged
clusterrolebinding.rbac.authorization.k8s.io/run-nfs-client-provisioner unchanged
role.rbac.authorization.k8s.io/leader-locking-nfs-client-provisioner unchanged
rolebinding.rbac.authorization.k8s.io/leader-locking-nfs-client-provisioner unchanged
[root@aminglinux01 deploy]# 

修改deployment.yaml

[root@aminglinux01 deploy]# cat deployment.yaml 
apiVersion: apps/v1
kind: Deployment
metadata:name: nfs-client-provisionerlabels:app: nfs-client-provisioner# replace with namespace where provisioner is deployednamespace: kube-system
spec:replicas: 1strategy:type: Recreateselector:matchLabels:app: nfs-client-provisionertemplate:metadata:labels:app: nfs-client-provisionerspec:serviceAccountName: nfs-client-provisionercontainers:- name: nfs-client-provisionerimage: registry.cn-hangzhou.aliyuncs.com/*/nfs-subdir-external-provisioner:v4.0.2volumeMounts:- name: nfs-client-rootmountPath: /persistentvolumesenv:- name: PROVISIONER_NAMEvalue: k8s-sigs.io/nfs-subdir-external-provisioner- name: NFS_SERVER value: 192.168.100.160       ###NFS服务器IP- name: NFS_PATH       value: /data/nfs             ###NFS服务器路径volumes:- name: nfs-client-rootnfs:server: 192.168.100.160        ###NFS服务器IPpath: /data/nfs                ###NFS服务器路径
[root@aminglinux01 deploy]# 

[root@aminglinux01 deploy]# kubectl apply -f  deployment.yaml 
deployment.apps/nfs-client-provisioner configured
[root@aminglinux01 deploy]# kubectl apply -f  class.yaml 
storageclass.storage.k8s.io/nfs-client unchanged

SC YAML示例

cat class.yaml

[root@aminglinux01 deploy]# cat class.yaml 
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:name: nfs-client
provisioner: k8s-sigs.io/nfs-subdir-external-provisioner # or choose another name, must match deployment's env PROVISIONER_NAME'
parameters:archiveOnDelete: "false"                ###自动收缩存储空间
[root@aminglinux01 deploy]# 

[root@aminglinux01 deploy]# kubectl get StorageClass nfs-client
NAME         PROVISIONER                                   RECLAIMPOLICY   VOLUMEBINDINGMODE   ALLOWVOLUMEEXPANSION   AGE
nfs-client   k8s-sigs.io/nfs-subdir-external-provisioner   Delete          Immediate           false                  7d20h
[root@aminglinux01 deploy]# kubectl describe StorageClass nfs-client
Name:            nfs-client
IsDefaultClass:  No
Annotations:     kubectl.kubernetes.io/last-applied-configuration={"apiVersion":"storage.k8s.io/v1","kind":"StorageClass","metadata":{"annotations":{},"name":"nfs-client"},"parameters":{"archiveOnDelete":"false"},"provisioner":"k8s-sigs.io/nfs-subdir-external-provisioner"}Provisioner:           k8s-sigs.io/nfs-subdir-external-provisioner
Parameters:            archiveOnDelete=false
AllowVolumeExpansion:  <unset>
MountOptions:          <none>
ReclaimPolicy:         Delete
VolumeBindingMode:     Immediate
Events:                <none>
[root@aminglinux01 deploy]# 

有了SC，还需要一个PVC

vi nfsPvc.yaml

[root@aminglinux01 deploy]# cat nfsPvc.yaml 
apiVersion: v1
kind: PersistentVolumeClaim
metadata:name: nfspvc
spec:storageClassName: nfs-clientaccessModes:- ReadWriteManyresources:requests:storage: 500Mi
[root@aminglinux01 deploy]#
[root@aminglinux01 deploy]# kubectl apply -f nfsPvc.yaml 
persistentvolumeclaim/nfspvc created

[root@aminglinux01 deploy]# kubectl get PersistentVolumeClaim nfspvc 
NAME     STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
nfspvc   Bound    pvc-edef8fd1-ab6c-4566-97f7-57627c26101c   500Mi      RWX            nfs-client     6m5s
[root@aminglinux01 deploy]# kubectl describe PersistentVolumeClaim nfspvc 
Name:          nfspvc
Namespace:     default
StorageClass:  nfs-client
Status:        Bound
Volume:        pvc-edef8fd1-ab6c-4566-97f7-57627c26101c
Labels:        <none>
Annotations:   pv.kubernetes.io/bind-completed: yespv.kubernetes.io/bound-by-controller: yesvolume.beta.kubernetes.io/storage-provisioner: k8s-sigs.io/nfs-subdir-external-provisionervolume.kubernetes.io/storage-provisioner: k8s-sigs.io/nfs-subdir-external-provisioner
Finalizers:    [kubernetes.io/pvc-protection]
Capacity:      500Mi
Access Modes:  RWX
VolumeMode:    Filesystem
Used By:       nfspod
Events:Type    Reason                 Age                    From                                                                                                                      Message----    ------                 ----                   ----                                                                                                                      -------Normal  ExternalProvisioning   6m15s (x2 over 6m15s)  persistentvolume-controller                                                                                               waiting for a volume to be created, either by external provisioner "k8s-sigs.io/nfs-subdir-external-provisioner" or manually created by system administratorNormal  Provisioning           6m14s                  k8s-sigs.io/nfs-subdir-external-provisioner_nfs-client-provisioner-74fcdfd588-5898r_67df3ef1-fefc-4f5e-9032-0c4263a17061  External provisioner is provisioning volume for claim "default/nfspvc"Normal  ProvisioningSucceeded  6m14s                  k8s-sigs.io/nfs-subdir-external-provisioner_nfs-client-provisioner-74fcdfd588-5898r_67df3ef1-fefc-4f5e-9032-0c4263a17061  Successfully provisioned volume pvc-edef8fd1-ab6c-4566-97f7-57627c26101c
[root@aminglinux01 deploy]# 

下面创建一个Pod，来使用PVC
vi nfsPod.yaml

[root@aminglinux01 deploy]# cat nfsPod.yaml 
apiVersion: v1
kind: Pod
metadata:name: nfspod
spec:containers:- name: nfspodimage: nginx:latestvolumeMounts:- name: nfspvmountPath: "/usr/share/nginx/html"volumes:- name: nfspvpersistentVolumeClaim:claimName: nfspvc
[root@aminglinux01 deploy]# 
[root@aminglinux01 deploy]# kubectl apply -f nfsPod.yaml 
pod/nfspod created

[root@aminglinux01 deploy]# kubectl describe pod nfspod
Name:             nfspod
Namespace:        default
Priority:         0
Service Account:  default
Node:             aminglinux03/192.168.100.153
Start Time:       Tue, 16 Jul 2024 23:48:25 +0800
Labels:           <none>
Annotations:      cni.projectcalico.org/containerID: b81a7c48a39cbcb4acfe42b0c4677b5dd320b63f1735de9ec6a3f11a3ea93a1a
                  cni.projectcalico.org/podIP: 10.18.68.179/32
                  cni.projectcalico.org/podIPs: 10.18.68.179/32
Status:           Running
IP:               10.18.68.179
IPs:
  IP:  10.18.68.179
Containers:
  nfspod:
    Container ID:   containerd://abe29d820c121bac46af4d1341aabeb0d8a30759917389e33ba7ca0619c97e76
    Image:          nginx:latest
    Image ID:       docker.io/library/nginx@sha256:67682bda769fae1ccf5183192b8daf37b64cae99c6c3302650f6f8bf5f0f95df
    Port:           <none>
    Host Port:      <none>
    State:          Running
      Started:      Tue, 16 Jul 2024 23:48:28 +0800
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /usr/share/nginx/html from nfspv (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-9xt4f (ro)
Conditions:
  Type              Status
  Initialized       True 
  Ready             True 
  ContainersReady   True 
  PodScheduled      True 
Volumes:
  nfspv:
    Type:       PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
    ClaimName:  nfspvc
    ReadOnly:   false
  kube-api-access-9xt4f:
 

 总结一下：
pod想使用共享存储 --> PVC (定义具体需求属性) -->SC (定义Provisioner即pv) -->Provisioner(定义具体的访问存储方法) --> NFS-server
 

三、Ceph存储

Ceph是Ceph使用C++语言开发，是一个开放、自我修复和自我管理的开源分布式存储系统。具有高扩展性、高性能、高可靠性的优点。

Ceph的优点

• 高扩展性：去中心化，支持使用普通X86服务器，支持上千个存储节点的规模，支持TB到EB级扩展。
• 高可靠性：没有单点故障，多数据副本，自动管理，自动修复。
• 高性能：摒弃了传统的集中式存储元数据寻址的方案，采用 CRUSH 算法，数据分布均衡，并行度高。
• 功能强大：Ceph是个大一统的存储系统，集块存储接口（RBD）、文件存储接口（CephFS）、对象存储接口（RadosGW）于一身，因而适用于不同的应用场景。

说明：Kubernetes使用Ceph作为存储，有两种方式，一种是将Ceph部署在Kubernetes里，需要借助一个工具rook；另外一种就是使用外部的Ceph集群，也就是说需要单独部署Ceph集群。下面，我们使用的就是第二种。

搭建Ceph集群

1）准备工作

机器编号	主机名	IP
1	ceph1	192.168.100.161
2	ceph2	192.168.100.162
3	ceph3	192.168.100.163

关闭selinux、firewalld，配置hostname以及/etc/hosts为每一台机器都准备至少一块单独的磁盘（vmware下很方便增加虚拟磁盘），不需要格式化。

[root@bogon ~]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@bogon ~]# hostnamectl set-hostname Ceph1
[root@Ceph1 ~]# timedatectl set-timezone Asia/Shanghai

所有机器安装时间同步服务chrony

yum install -y chrony
systemctl start chronyd
systemctl enable chronyd

设置yum源（ceph1上）

vi /etc/yum.repos.d/ceph.repo #内容如下

cat /etc/yum.repos.d/ceph.repo
[ceph]
name=ceph
baseurl=http://mirrors.aliyun.com/ceph/rpm-pacific/el8/x86_64/
gpgcheck=0
priority =1
[ceph-noarch]
name=cephnoarch
baseurl=http://mirrors.aliyun.com/ceph/rpm-pacific/el8/noarch/
gpgcheck=0
priority =1
[ceph-source]
name=Ceph source packages
baseurl=http://mirrors.aliyun.com/ceph/rpm-pacific/el8/SRPMS
gpgcheck=0
priority=1

所有机器安装docker-ce（ceph使用docker形式部署）
先安装yum-utils工具

yum install -y yum-utils

配置Docker官方的yum仓库，如果做过，可以跳过

yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo

安装docker-ce

yum install -y docker-ce

启动服务

systemctl start docker
systemctl enable docker

所有机器安装python3、lvm2（三台都做）

yum install -y python3 lvm2

2）安装cephadm（ceph1上执行）

yum install -y cephadm

3）使用cephadm部署ceph（ceph1上）

cephadm bootstrap --mon-ip 192.168.100.161

注意看用户名、密码

Ceph Dashboard is now available at:URL: https://Ceph1:8443/User: adminPassword: cpbyyxt86a

4）访问dashboard

https://192.168.100.161:8443
更改密码后，用新密码登录控制台

5）增加host

首先进入ceph shell（ceph1上）

cephadm shell ##会进入ceph的shell界面下

生成ssh密钥对儿

[ceph: root@ceph1 /]# ceph cephadm get-pub-key > ~/ceph.pub

[root@Ceph1 ~]# cephadm shell
Inferring fsid f501f922-43a9-11ef-b210-000c2990e43b
Using recent ceph image quay.io/ceph/ceph@sha256:f15b41add2c01a65229b0db515d2dd57925636ea39678ccc682a49e2e9713d98
[ceph: root@Ceph1 /]# ceph cephadm get-pub-key > ~/ceph.pub

配置到另外两台机器免密登录

[ceph: root@ceph1 /]# ssh-copy-id -f -i ~/ceph.pub root@ceph2
[ceph: root@ceph1 /]# ssh-copy-id -f -i ~/ceph.pub root@ceph3

[ceph: root@Ceph1 /]# ssh-copy-id -f -i ~/ceph.pub root@Ceph2
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/ceph.pub"
The authenticity of host 'ceph2 (192.168.100.162)' can't be established.
ECDSA key fingerprint is SHA256:QL7GAuP7XtniiwJbCT7NbC1sBsUWR+giTILzhYD8+/E.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
root@ceph2's password: Number of key(s) added: 1Now try logging into the machine, with:   "ssh 'root@Ceph2'"
and check to make sure that only the key(s) you wanted were added.[ceph: root@Ceph1 /]# ssh-copy-id -f -i ~/ceph.pub root@Ceph3
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/ceph.pub"
The authenticity of host 'ceph3 (192.168.100.163)' can't be established.
ECDSA key fingerprint is SHA256:QTA1LDrVstoSNuCgZavfi8tWh7X9zMowsSm4QqA9wIk.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
root@ceph3's password: Number of key(s) added: 1Now try logging into the machine, with:   "ssh 'root@Ceph3'"
and check to make sure that only the key(s) you wanted were added.[ceph: root@Ceph1 /]# 

到浏览器里，增加主机

6）创建OSD（ceph shell模式下，在ceph上操作）

假设三台机器上新增的新磁盘为/dev/sda

ceph orch daemon add osd Ceph1:/dev/sda
ceph orch daemon add osd Ceph2:/dev/sda
ceph orch daemon add osd Ceph3:/dev/sda

[ceph: root@Ceph1 /]# ceph orch daemon add osd Ceph1:/dev/sda
Created no osd(s) on host Ceph1; already created?
[ceph: root@Ceph1 /]# ceph orch daemon add osd Ceph2:/dev/sda
Created osd(s) 1 on host 'Ceph2'
[ceph: root@Ceph1 /]# ceph orch daemon add osd Ceph3:/dev/sda
Created osd(s) 2 on host 'Ceph3'

7）创建pool

8）查看集群状态

ceph -s

[ceph: root@Ceph1 /]# ceph -scluster:id:     f501f922-43a9-11ef-b210-000c2990e43bhealth: HEALTH_WARNclock skew detected on mon.Ceph2, mon.Ceph3services:mon: 3 daemons, quorum Ceph1,Ceph2,Ceph3 (age 10m)mgr: Ceph2.nhhvbe(active, since 10m), standbys: Ceph1.nqobphosd: 3 osds: 3 up (since 2m), 3 in (since 2m)data:pools:   2 pools, 33 pgsobjects: 0 objects, 0 Busage:   871 MiB used, 14 GiB / 15 GiB availpgs:     33 active+clean[ceph: root@Ceph1 /]# 

 查案磁盘列表

ceph orch device ls

[ceph: root@Ceph1 /]# ceph orch device ls
HOST   PATH      TYPE  DEVICE ID                               SIZE  AVAILABLE  REFRESHED  REJECT REASONS                                                           
Ceph1  /dev/sda  hdd                                          5120M             6m ago     Has a FileSystem, Insufficient space (<10 extents) on vgs, LVM detected  
Ceph1  /dev/sr0  hdd   VMware_IDE_CDR10_10000000000000000001  2569M             6m ago     Has a FileSystem, Insufficient space (<5GB)                              
Ceph2  /dev/sda  hdd                                          5120M             3m ago     Has a FileSystem, Insufficient space (<10 extents) on vgs, LVM detected  
Ceph2  /dev/sr0  hdd   VMware_IDE_CDR10_10000000000000000001  2569M             3m ago     Has a FileSystem, Insufficient space (<5GB)                              
Ceph3  /dev/sda  hdd                                          5120M             2m ago     Has a FileSystem, Insufficient space (<10 extents) on vgs, LVM detected  
[ceph: root@Ceph1 /]# 

9）针对aminglinux01 pool启用rbd application

ceph osd pool application enable aminglinux01 rbd

[ceph: root@Ceph1 /]# ceph osd pool application enable aminglinux01 rbd
enabled application 'rbd' on pool 'aminglinux01'
[ceph: root@Ceph1 /]# 

10）初始化pool

[ceph: root@Ceph1 /]# rbd pool init aminglinux01
[ceph: root@Ceph1 /]# 

四、 k8s使用ceph

1）获取ceph集群信息和admin用户的key（ceph那边）

#获取集群信息

[ceph: root@Ceph1 /]# ceph mon dump
epoch 3
fsid f501f922-43a9-11ef-b210-000c2990e43b           ##这一串一会儿用
last_changed 2024-07-16T19:48:11.564819+0000
created 2024-07-16T19:32:30.484938+0000
min_mon_release 16 (pacific)
election_strategy: 1
0: [v2:192.168.100.161:3300/0,v1:192.168.100.161:6789/0] mon.Ceph1
1: [v2:192.168.100.162:3300/0,v1:192.168.100.162:6789/0] mon.Ceph2
2: [v2:192.168.100.163:3300/0,v1:192.168.100.163:6789/0] mon.Ceph3
dumped monmap epoch 3
[ceph: root@Ceph1 /]# 

#获取admin用户key

[ceph: root@Ceph1 /]# ceph auth get-key client.admin ; echo
AQDNypZmFQmGNhAAbkbd5T9c55nWzJBmpDk9DA==                #这串一会用
[ceph: root@Ceph1 /]# 

2）下载并导入镜像

将用到的镜像先下载下来，避免启动容器时，镜像下载太慢或者无法下载可以下载到其中某一个节点上，然后将镜像拷贝到其它节点

#下载镜像（其中一个节点）

#下载镜像（其中一个节点）
wget -P /tmp/ https://d.frps.cn/file/tools/ceph-csi/k8s_1.24_cephcsi.
tar
#拷贝
scp /tmp/k8s_1.24_ceph-csi.tar aminglinux02:/tmp/
scp /tmp/k8s_1.24_ceph-csi.tar aminglinux03:/tmp/
#导入镜像（所有k8s节点）
ctr -n k8s.io i import k8s_1.24_ceph-csi.tar

3）建ceph的 provisioner

创建ceph目录，后续将所有yaml文件放到该目录下

mkdir ceph
cd ceph

创建secret.yaml 

[root@aminglinux01 ceph]# cat secret.yaml 
apiVersion: v1
kind: Secret
metadata:name: csi-rbd-secretnamespace: default
stringData:userID: adminuserKey: AQDNypZmFQmGNhAAbkbd5T9c55nWzJBmpDk9DA== #这串上面已经获取
[root@aminglinux01 ceph]# 

创建config-map.yaml

[root@aminglinux01 ceph]# cat csi-config-map.yaml 
apiVersion: v1
kind: ConfigMap
metadata:name: "ceph-csi-config"
data:config.json: |-[{"clusterID": "f501f922-43a9-11ef-b210-000c2990e43b","monitors": ["192.168.100.161:6789","192.168.100.162:6789","192.168.100.163:6789"]}]
[root@aminglinux01 ceph]# 

创建ceph-conf.yaml

[root@aminglinux01 ceph]# cat ceph-conf.yaml 
apiVersion: v1
kind: ConfigMap
data:ceph.conf: |[global]auth_cluster_required = cephxauth_service_required = cephxauth_client_required = cephx# keyring is a required key and its value should be emptykeyring: |
metadata:name: ceph-config
[root@aminglinux01 ceph]# 

创建csi-kms-config-map.yaml（该config内容为空）

[root@aminglinux01 ceph]# cat csi-kms-config-map.yaml 
---
apiVersion: v1
kind: ConfigMap
data:config.json: |-{}
metadata:name: ceph-csi-encryption-kms-config
[root@aminglinux01 ceph]#

下载其余rbac以及provisioner相关yaml

wget https://d.frps.cn/file/tools/ceph-csi/csi-provisioner-rbac.yaml
wget https://d.frps.cn/file/tools/ceph-csi/csi-nodeplugin-rbac.yaml
wget https://d.frps.cn/file/tools/ceph-csi/csi-rbdplugin.yaml
wget https://d.frps.cn/file/tools/ceph-csi/csi-rbdpluginprovisioner.yaml

 应用所有yaml（注意，当前目录是在ceph目录下）

 for f in `ls *.yaml`; do echo $f; kubectl apply -f $f; done

for f in `ls *.yaml`; do echo $f; kubectl delete -f $f; done

[root@aminglinux01 ceph]# for f in `ls *.yaml`; do echo $f; kubectl apply -f $f; done
ceph-conf.yaml
configmap/ceph-config created
csi-config-map.yaml
configmap/ceph-csi-config created
csi-kms-config-map.yaml
configmap/ceph-csi-encryption-kms-config created
csi-nodeplugin-rbac.yaml
serviceaccount/rbd-csi-nodeplugin created
clusterrole.rbac.authorization.k8s.io/rbd-csi-nodeplugin created
clusterrolebinding.rbac.authorization.k8s.io/rbd-csi-nodeplugin created
csi-provisioner-rbac.yaml
serviceaccount/rbd-csi-provisioner created
clusterrole.rbac.authorization.k8s.io/rbd-external-provisioner-runner created
clusterrolebinding.rbac.authorization.k8s.io/rbd-csi-provisioner-role created
role.rbac.authorization.k8s.io/rbd-external-provisioner-cfg created
rolebinding.rbac.authorization.k8s.io/rbd-csi-provisioner-role-cfg created
csi-rbdplugin-provisioner.yaml
service/csi-rbdplugin-provisioner created
deployment.apps/csi-rbdplugin-provisioner created
csi-rbdplugin.yaml
daemonset.apps/csi-rbdplugin created
service/csi-metrics-rbdplugin created
secret.yaml
secret/csi-rbd-secret created
[root@aminglinux01 ceph]# 

检查provisioner的pod，状态为running才对

4）创建storageclass

在k8s上创建ceph-sc.yaml

[root@aminglinux01 ceph]# cat ceph-sc.yaml 
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:name: csi-rbd-sc #storageclass名称
provisioner: rbd.csi.ceph.com #驱动器
parameters:clusterID: f501f922-43a9-11ef-b210-000c2990e43b #ceph集群idpool: aminglinux01 #pool空间imageFeatures: layering #rbd特性csi.storage.k8s.io/provisioner-secret-name: csi-rbd-secretcsi.storage.k8s.io/provisioner-secret-namespace: defaultcsi.storage.k8s.io/controller-expand-secret-name: csi-rbd-secretcsi.storage.k8s.io/controller-expand-secret-namespace: defaultcsi.storage.k8s.io/node-stage-secret-name: csi-rbd-secretcsi.storage.k8s.io/node-stage-secret-namespace: default
reclaimPolicy: Delete #pvc回收机制
allowVolumeExpansion: true #对扩展卷进行扩展
mountOptions: #StorageClass 动态创建的 PersistentVolume 将使用类中 mountOptions 字段指定的挂载选项- discard
[root@aminglinux01 ceph]# 

##应用yaml
kubectl apply -f ceph-sc.yaml 

[root@aminglinux01 ceph]# kubectl apply -f ceph-sc.yaml
storageclass.storage.k8s.io/csi-rbd-sc created
[root@aminglinux01 ceph]# 

5）创建pvc

在k8s上创建ceph-pvc.yaml

[root@aminglinux01 ceph]# cat ceph-pvc.yaml 
apiVersion: v1
kind: PersistentVolumeClaim
metadata:name: ceph-pvc #pvc名称
spec:accessModes:- ReadWriteOnce #访问模式resources:requests:storage: 1Gi #存储空间storageClassName: csi-rbd-sc
[root@aminglinux01 ceph]# 

#应用yaml
kubectl apply -f ceph-pvc.yaml

[root@aminglinux01 ceph]# kubectl apply -f ceph-pvc.yaml
persistentvolumeclaim/ceph-pvc created
[root@aminglinux01 ceph]# 

查看pvc状态，STATUS必须为Bound

[root@aminglinux01 ceph]# kubectl get pvc
NAME                    STATUS    VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS    AGE
ceph-pvc                Bound     pvc-67a82d8a-43c9-4609-95c5-6ae097daedb9   1Gi        RWO            csi-rbd-sc      54s
local-pvc               Bound     local-pv                                   5Gi        RWO            local-storage   39h
nfs-pvc                 Bound     nfs-pv                                     5Gi        RWX            nfs-storage     27h
nfspvc                  Bound     pvc-edef8fd1-ab6c-4566-97f7-57627c26101c   500Mi      RWX            nfs-client      21h
redis-pvc-redis-sts-0   Bound     pvc-402daec2-9527-4a53-a6cb-e1d18c98f3d4   500Mi      RWX            nfs-client      8d
redis-pvc-redis-sts-1   Bound     pvc-bb317d2c-ef72-47a0-a8e2-f7704f60096d   500Mi      RWX            nfs-client      8d
testpvc                 Pending                                                                        test-storage    41h
[root@aminglinux01 ceph]# 

6）创建pod使用ceph存储

[root@aminglinux01 ceph]# cat ceph-pod.yaml 
apiVersion: v1
kind: Pod
metadata:name: ceph-pod
spec:containers:- name: ceph-ngimage: nginx:latestvolumeMounts:- name: ceph-mntmountPath: /mntreadOnly: falsevolumes:- name: ceph-mntpersistentVolumeClaim:claimName: ceph-pvc
[root@aminglinux01 ceph]# 
[root@aminglinux01 ceph]# kubectl apply -f ceph-pod.yaml
pod/ceph-pod created
[root@aminglinux01 ceph]# 

查看pv

[root@aminglinux01 ceph]# kubectl get pv
NAME                                       CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS     CLAIM                           STORAGECLASS    REASON   AGE
local-pv                                   5Gi        RWO            Retain           Bound      default/local-pvc               local-storage            39h
nfs-pv                                     5Gi        RWX            Retain           Bound      default/nfs-pvc                 nfs-storage              27h
pvc-402daec2-9527-4a53-a6cb-e1d18c98f3d4   500Mi      RWX            Delete           Bound      default/redis-pvc-redis-sts-0   nfs-client               8d
pvc-67a82d8a-43c9-4609-95c5-6ae097daedb9   1Gi        RWO            Delete           Bound      default/ceph-pvc                csi-rbd-sc               4m7s
pvc-bb317d2c-ef72-47a0-a8e2-f7704f60096d   500Mi      RWX            Delete           Bound      default/redis-pvc-redis-sts-1   nfs-client               8d
pvc-edef8fd1-ab6c-4566-97f7-57627c26101c   500Mi      RWX            Delete           Bound      default/nfspvc                  nfs-client               21h
testpv                                     500Mi      RWO            Retain           Released   default/testpvc                 test-storage             41h
[root@aminglinux01 ceph]# 

在ceph这边查看rbd

[ceph: root@Ceph1 /]# rbd ls aminglinux01
csi-vol-e8aeb725-1e74-42e3-a61b-8020f76d5b1d
[ceph: root@Ceph1 /]# 

在pod里查看挂载情况

[root@aminglinux01 ceph]# kubectl exec -it ceph-pod -- df
Filesystem          1K-blocks    Used Available Use% Mounted on
overlay              17811456 9963716   7847740  56% /
tmpfs                   65536       0     65536   0% /dev
tmpfs                 1860440       0   1860440   0% /sys/fs/cgroup
/dev/rbd0              996780      24    980372   1% /mnt
/dev/mapper/rl-root  17811456 9963716   7847740  56% /etc/hosts
shm                     65536       0     65536   0% /dev/shm
tmpfs                 3618480      12   3618468   1% /run/secrets/kubernetes.io/serviceaccount
tmpfs                 1860440       0   1860440   0% /proc/acpi
tmpfs                 1860440       0   1860440   0% /proc/scsi
tmpfs                 1860440       0   1860440   0% /sys/firmware
[root@aminglinux01 ceph]#