StorageClass & PV & PVC关系图
-
Volumes是最基础的存储抽象,其支持多种类型,包括本地存储、NFS、FC以及众多的云存储,我们也可以编写自己的存储插件来支持特定的存储系统。Volume可以被Pod直接使用,也可以被PV使用。普通的Volume和Pod之间是一种静态的绑定关系,在定义Pod的同时,通过volume属性来定义存储的类型,通过volumeMount来定义容器内的挂载点。
-
PersistentVolume。与普通的Volume不同,PV是Kubernetes中的一个资源对象,创建一个PV相当于创建了一个存储资源对象,这个资源的使用要通过PVC来请求。
-
PersistentVolumeClaim。PVC是用户对存储资源PV的请求,根据PVC中指定的条件Kubernetes动态的寻找系统中的PV资源并进行绑定。目前PVC与PV匹配可以通过StorageClassName、matchLabels或者matchExpressions三种方式。
-
StorageClass。存储类,目前kubernetes支持很多存储,例如ceph,nfs,glusterfs等等。。。
接下来,本文使用前文《手把手教你使用rpm部署ceph集群》创建好的ceph集群来为kubernetes提供存储。
创建存储类
1、获取admin key
grep key /etc/ceph/ceph.client.admin.keyring |awk '{printf "%s", $NF }'|base64
QVFCZ2ZZOWJ1dGdBQ0JBQXN5dGdLZ1BFOGlsblIzWjJqNVVKMUE9PQ==
2、写入 ceph-secret-admin.yaml
apiVersion: v1
kind: Secret
metadata:
name: ceph-secret-admin
type: "kubernetes.io/rbd"
data:
key: QVFCZ2ZZOWJ1dGdBQ0JBQXN5dGdLZ1BFOGlsblIzWjJqNVVKMUE9PQ==
3、创建secret
kubectl apply -f ceph-secret-admin.yaml
kubectl get secret
NAME TYPE DATA AGE
ceph-secret-admin kubernetes.io/rbd 1 6m
4、 修改 rbd-storage-class.yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: rbd
provisioner: kubernetes.io/rbd
parameters:
monitors: 192.168.100.100:6789,192.168.100.101:6789,192.168.100.102:6789
adminId: admin
adminSecretName: ceph-secret-admin
adminSecretNamespace: default
pool: k8s
userId: admin
userSecretName: ceph-secret-admin
userSecretNamespace: default
fsType: ext4
imageFormat: "2"
imageFeatures: "layering"
5、创建storage class
kubectl apply -f rbd-storage-class.yaml
[root@qd01-stop-cloud001 rbd]# kubectl get sc
NAME PROVISIONER AGE
rbd kubernetes.io/rbd 4m
创建PVC & PV
6、创建pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: claim
namespace: default
spec:
accessModes:
- ReadWriteOnce
storageClassName: rbd
resources:
requests:
storage: 1Gi
7、查看pvc,显示状态为Bound表示成功
kubectl apply -f pvc.yaml
kubectl get pvc
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
claim Bound pvc-130c2445-b4a5-11e8-9d27-782bcb3bb379 1Gi RWO slow 13m
测试验证
8、创建pod.yaml
apiVersion: v1
kind: ReplicationController
metadata:
name: server
spec:
replicas: 1
selector:
role: server
template:
metadata:
labels:
role: server
spec:
containers:
- name: server
image: nginx
volumeMounts:
- mountPath: /var/lib/www/html
name: mypvc
volumes:
- name: mypvc
persistentVolumeClaim:
claimName: claim
9、查看挂载存储
/dev/rbd0 1G 9.1M 0.98G 1% /var/lib/kubelet/plugins/kubernetes.io/rbd/mounts/k8s-image-kubernetes-dynamic-pvc-198f56b3-b4a5-11e8-97eb-782bcb3bb379
错误处理
如果出错failed to create rbd image: executable file not found in $PATH
参考https://blog.csdn.net/aixiaoyang168/article/details/79120095
可以使用下面的项目来创建存储类
使用external-storage创建存储类
$ git clone https://github.com/kubernetes-incubator/external-storage.git
$ tree external-storage/ceph/rbd/deploy/
├── README.md
├── non-rbac
│ └── deployment.yaml
└── rbac
├── clusterrole.yaml
├── clusterrolebinding.yaml
├── deployment.yaml
└── serviceaccount.yaml
Install without RBAC roles:
cd $GOPATH/src/github.com/kubernetes-incubator/external-storage/ceph/rbd/deploy
kubectl apply -f ./non-rbac
Install with RBAC roles:
cd $GOPATH/src/github.com/kubernetes-incubator/external-storage/ceph/rbd/deploy
NAMESPACE=default # change this if you want to deploy it in another namespace
sed -r -i "s/namespace: [^ ]+/namespace: $NAMESPACE/g" ./rbac/clusterrolebinding.yaml ./rbac/rolebinding.yaml
kubectl -n $NAMESPACE apply -f ./rbac
如果secret和provisioner不在同一个namespace中的话,获取secret权限不够。
解决方法:
以下文件添加secrets的权限
external-storage/ceph/rbd/deploy/rbac/clusterrole.yaml
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "create", "delete"]