K8s 使用 CephFS 作为后端存储（静态供给、动态供给）

一、K8s 使用 CephFS

CephFS是 Ceph 中基于RADOS（可扩展分布式对象存储）构建，通过将文件数据划分为对象并分布到集群中的多个存储节点上来实现高可用性和可扩展性。

首先所有 k8s 节点都需要安装 ceph-common 工具：

yum -y install epel-release ceph-common

二、静态供给方式

静态供给方式需要提前创建好 CephFS 给到 K8s 使用。

2.1 在 Ceph 中创建 FS 和授权用户

创建存储池：

# 数据存储池
ceph osd pool create cephfs_data_pool 16# 元数据存储池
ceph osd pool create ceph_metadata_pool 8

创建 FS ：

ceph fs new k8s-cephfs cephfs_data_pool ceph_metadata_pool

创建用户 fs-user 并授权存储池 cephfs_data_pool

查看 admin 用户秘钥：

ceph auth get-key client.admin

在这里插入图片描述

2.2 在 k8s 中创建 secret

export ADMIN_USER_SECRET='AQDdUB9mcTI3LRAAOBpt3e7AH5v9fiMtHKQpqA=='kubectl create secret generic ceph-admin-default-secret --type="kubernetes.io/rbd" \
--from-literal=key=$ADMIN_USER_SECRET \
--namespace=default

在这里插入图片描述

2.3 pod 直接使用 CephFS 存储

vi cephfs-test-pod.yml

apiVersion: v1
kind: Pod
metadata:name: cephfs-test-pod
spec:containers:- name: nginximage: nginximagePullPolicy: IfNotPresentvolumeMounts:- name: data-volumemountPath: /usr/share/nginx/html/volumes:- name: data-volumecephfs:monitors: ["11.0.1.140:6789"]path: /user: adminsecretRef:name: ceph-admin-default-secret

kubectl apply -f cephfs-test-pod.yml

查看 pod ：

kubectl get pods

在这里插入图片描述

可以进到 pod 中查看分区情况：

kubectl exec -it cephfs-test-pod -- /bin/bashdf -hl

在这里插入图片描述

2.4 创建 `PV` 使用 `CephFS` 存储

vi cephfs-test-pv.yml

apiVersion: v1
kind: PersistentVolume
metadata:name: cephfs-test-pv
spec:accessModes: ["ReadWriteOnce"]capacity:storage: 2GipersistentVolumeReclaimPolicy: Retaincephfs:monitors: ["11.0.1.140:6789"]path: /user: adminsecretRef:name: ceph-admin-default-secret

kubectl apply -f cephfs-test-pv.yml

在这里插入图片描述

创建 PVC 绑定 PV ：

vi cephfs-test-pvc.yml

apiVersion: v1
kind: PersistentVolumeClaim
metadata:name: cephfs-test-pvc
spec:accessModes: ["ReadWriteOnce"]resources:requests:storage: 2Gi

kubectl apply -f cephfs-test-pvc.yml

查看 pvc 和 pv ：

kubectl get pvckubectl get pv

在这里插入图片描述

测试 pod 挂载 pvc：

vi cephfs-test-pod1.yml

apiVersion: v1
kind: Pod
metadata:name: cephfs-test-pod1
spec:containers:- name: nginximage: nginximagePullPolicy: IfNotPresentvolumeMounts:- name: data-volumemountPath: /usr/share/nginx/html/volumes:- name: data-volumepersistentVolumeClaim:claimName: cephfs-test-pvcreadOnly: false

kubectl apply -f cephfs-test-pod1.yml

查看 pod ：

kubectl get pods

在这里插入图片描述

三、动态供给方式

由于官方没有提供cephfs动态卷支持，这里使用社区提供的cephfs-provisioner 插件实现动态供给：

vi external-storage-cephfs-provisioner.yml

apiVersion: v1
kind: ServiceAccount
metadata:name: cephfs-provisionernamespace: kube-system
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:name: cephfs-provisioner
rules:- apiGroups: [""]resources: ["persistentvolumes"]verbs: ["get", "list", "watch", "create", "delete"]- apiGroups: [""]resources: ["persistentvolumeclaims"]verbs: ["get", "list", "watch", "update"]- apiGroups: ["storage.k8s.io"]resources: ["storageclasses"]verbs: ["get", "list", "watch"]- apiGroups: [""]resources: ["events"]verbs: ["create", "update", "patch"]- apiGroups: [""]resources: ["endpoints"]verbs: ["get", "list", "watch", "create", "update", "patch"]- apiGroups: [""]resources: ["secrets"]verbs: ["create", "get", "delete"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:name: cephfs-provisioner
subjects:- kind: ServiceAccountname: cephfs-provisionernamespace: kube-system
roleRef:kind: ClusterRolename: cephfs-provisionerapiGroup: rbac.authorization.k8s.io---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:name: cephfs-provisionernamespace: kube-system
rules:- apiGroups: [""]resources: ["secrets"]verbs: ["create", "get", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:name: cephfs-provisionernamespace: kube-system
roleRef:apiGroup: rbac.authorization.k8s.iokind: Rolename: cephfs-provisioner
subjects:
- kind: ServiceAccountname: cephfs-provisionernamespace: kube-system---
apiVersion: apps/v1
kind: Deployment
metadata:name: cephfs-provisionernamespace: kube-system
spec:selector:matchLabels:app: cephfs-provisionerreplicas: 1strategy:type: Recreatetemplate:metadata:labels:app: cephfs-provisionerspec:containers:- name: cephfs-provisionerimage: "registry.cn-chengdu.aliyuncs.com/ives/cephfs-provisioner:latest"env:- name: PROVISIONER_NAMEvalue: ceph.com/cephfscommand:- "/usr/local/bin/cephfs-provisioner"args:- "-id=cephfs-provisioner-1"serviceAccount: cephfs-provisioner

kubectl apply -f external-storage-cephfs-provisioner.yml

查看 pod：

kubectl get pods -n kube-system

在这里插入图片描述

3.1 创建 StorageClass

vi cephfs-sc.yml

kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:name: dynamic-cephfs
provisioner: ceph.com/cephfs
parameters:monitors: 11.0.1.140:6789adminId: adminadminSecretName: ceph-admin-default-secretadminSecretNamespace: defaultclaimRoot: /volumes/kubernetes

kubectl apply -f cephfs-sc.yml

查看 SC：

kubectl get sc

在这里插入图片描述

3.4 测试创建 PVC

vi cephfs-pvc1.yml

kind: PersistentVolumeClaim
apiVersion: v1
metadata:name: cephfs-pvc1
spec:accessModes:     - ReadWriteOncestorageClassName: dynamic-cephfsresources:requests:storage: 2Gi

kubectl apply -f cephfs-pvc1.yml

查看 pvc：

kubectl get pvc

在这里插入图片描述

创建 pod 使用上面 pvc ：

vi cephfs-test-pod2.yml

apiVersion: v1
kind: Pod
metadata:name: cephfs-test-pod2
spec:containers:- name: nginximage: nginximagePullPolicy: IfNotPresentvolumeMounts:- name: data-volumemountPath: /usr/share/nginx/html/volumes:- name: data-volumepersistentVolumeClaim:claimName: cephfs-pvc1readOnly: false

kubectl apply -f cephfs-test-pod2.yml

查看 pod ：

kubectl get pods

在这里插入图片描述

3.5 测试使用 volumeClaimTemplates 动态创建 pv 和 pvc

vi mysql.yml

# headless service 
apiVersion: v1
kind: Service
metadata:name: mysql-hlnamespace: mysqllabels:app: mysql-hl
spec:clusterIP: Noneports:- name: mysql-portport: 3306selector:app: mysql---
# NodePort service 
apiVersion: v1
kind: Service
metadata:name: mysql-npnamespace: mysqllabels:app: mysql-np
spec:clusterIP: ports:- name: master-portport: 3306nodePort: 31306targetPort: 3306selector:app: mysqltype: NodePorttarget-port:externalTrafficPolicy: Cluster ---
apiVersion: apps/v1
kind: StatefulSet
metadata:name: mysql
spec:serviceName: "mysql-hl"replicas: 1selector: matchLabels: app: mysqltemplate:metadata:labels:app: mysqlspec:containers:- name: mysqlimage: mysql:8.0.20ports:- containerPort: 3306name: master-portenv:- name: MYSQL_ROOT_PASSWORDvalue: "root"- name: TZvalue: "Asia/Shanghai"volumeMounts:                           - name: mysql-datamountPath: /var/lib/mysql volumeClaimTemplates:- metadata:name: mysql-dataspec:accessModes: ["ReadWriteOnce"]storageClassName: dynamic-cephfsresources:requests:storage: 2Gi