由于kubelet本身并不支持rbd的命令,所以需要添加一个kube系统插件:
下载插件 quay.io/external_storage/rbd-provisioner
下载地址:
https://quay.io/repository/external_storage/rbd-provisioner?tag=latest&tab=tags
在k8s集群的node上面下载 docker pull quay.io/external_storage/rbd-provisioner:latest
只安装插件本身会报错:需要安装kube的角色和权限 以下是下载地址:
https://github.com/kubernetes-incubator/external-storage
https://github.com/kubernetes-incubator/external-storage/tree/master/ceph/rbd/deploy/rbac #下载kube的role的yaml文件
下载rbac文件夹:
使用: kubectl apply -f rbac/
运行rbd-provisioner
如果报错:
报错因为rbd-provisioner的镜像中不能找到ceph的key和conf,需要把集群中key和conf拷贝进rbd-provisioner的镜像。
找到rbd-provisioner的镜像运行节点
docker cp /etc/ceph/ceph.client.admin.keyring <镜像名>:/etc/ceph/
docker cp /etc/ceph/ceph.conf <镜像名>:/etc/ceph/
如果又报错:
一直处于Pending,因为linux内核不支持 image format 1,所以我们要在sc中加入新建镜像时给他规定镜像的格式为2
在stroageclass中添加:
imageFormat: "2"
imageFeatures: "layering"
这样pvc就创建成功:
安装插件及角色(rbac):
#clusterrole.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: rbd-provisioner
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "delete"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["list", "watch", "create", "update", "patch"]
- apiGroups: [""]
resources: ["services"]
resourceNames: ["kube-dns"]
verbs: ["list", "get"]
#clusterrolebinding.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: rbd-provisioner
subjects:
- kind: ServiceAccount
name: rbd-provisioner
namespace: default
roleRef:
kind: ClusterRole
name: rbd-provisioner
apiGroup: rbac.authorization.k8s.io
#deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: rbd-provisioner
spec:
replicas: 1
strategy:
type: Recreate
template:
metadata:
labels:
app: rbd-provisioner
spec:
containers:
- name: rbd-provisioner
image: "quay.io/external_storage/rbd-provisioner:latest"
env:
- name: PROVISIONER_NAME
value: ceph.com/rbd #定义插件的名字
serviceAccount: rbd-provisioner
#role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: rbd-provisioner
rules:
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get"]
#rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: rbd-provisioner
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: rbd-provisioner
subjects:
- kind: ServiceAccount
name: rbd-provisioner
namespace: default
#serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: rbd-provisioner
创建storageClass:
kind: StorageClass apiVersion: storage.k8s.io/v1 metadata: name: rbd provisioner: ceph.com/rbd #使用插件来生成sc parameters: monitors: 10.101.3.9:6789,10.101.3.11:6789,10.101.3.12:6789 adminId: admin adminSecretName: ceph-k-secret adminSecretNamespace: default #这里使用default 如果使用其他就要修改还要修改插件中的 pool: rbd userId: admin userSecretName: ceph-k-secret fsType: ext4 imageFormat: "2" imageFeatures: "layering"
创建PVC:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: ceph-rbd-dyn-pv-claim
spec:
accessModes:
- ReadWriteOnce
storageClassName: rbd
resources:
requests:
storage: 1Gi