kubernetes-notes
  • 目录
    • 序言
  • 云原生体系
    • 12-Factor
    • K8S知识体系
  • 安装与配置
    • 部署k8s集群
      • 使用kubeadm安装生产环境kubernetes
      • 使用kubespray安装kubernetes
      • 使用minikube安装kubernetes
      • 使用kind安装kubernetes
    • k8s证书及秘钥
    • k8s版本说明
  • 基本概念
    • kubernetes架构
      • Kubernetes总架构图
      • 基于Docker及Kubernetes技术构建容器云(PaaS)平台概述
    • kubernetes对象
      • 理解kubernetes对象
      • kubernetes常用对象说明
    • Pod
      • Pod介绍
      • Pod定义文件
      • Pod生命周期
      • Pod健康检查
      • Pod存储卷
      • Pod控制器
      • Pod伸缩与升级
    • 配置
      • ConfigMap
    • Workload
  • 核心原理
    • 核心组件
      • Api Server
      • Controller Manager
      • Scheduler
      • Kubelet
    • 流程图
      • Pod创建流程
      • PVC创建流程
  • 容器网络
    • Docker网络
    • K8S网络
    • 网络插件
      • Flannel介绍
    • CNI
      • CNI接口介绍
      • Macvlan介绍
  • 容器存储
    • 存储卷概念
      • Volume
      • Persistent Volume
      • Persistent Volume Claim
      • Storage Class
      • Dynamic Volume Provisioning
    • CSI
      • csi-cephfs-plugin
      • 部署csi-cephfs
      • 部署cephfs-provisioner
      • FlexVolume介绍
  • 资源隔离
    • 资源配额
    • Pod限额
    • 资源服务质量
    • Lxcfs资源视图隔离
  • 运维指南
    • kubectl工具
      • kubectl安装与配置
      • kubectl命令说明
      • kubectl命令别名
    • kubernetes集群问题排查
    • 节点调度
      • 安全迁移节点
      • 指定Node调度与隔离
    • 镜像仓库配置
      • 配置私有的镜像仓库
      • 拉取私有镜像
  • 开发指南
    • client-go的使用及源码分析
    • CSI插件开发
      • nfs-client-provisioner源码分析
      • csi-provisioner源码分析
    • operator开发
      • kubebuilder的使用
  • 问题排查
    • 节点相关问题
      • keycreate permission denied
      • Cgroup不支持pid资源
      • Cgroup子系统无法挂载
    • Pod驱逐
    • 镜像拉取失败问题
    • PVC Terminating
  • 源码分析
    • Kubernetes源码分析笔记
    • kubelet
      • NewKubeletCommand
      • NewMainKubelet
      • startKubelet
      • syncLoopIteration
      • syncPod
    • kube-controller-manager
      • NewControllerManagerCommand
      • DeploymentController
      • Informer机制
    • kube-scheduler
      • NewSchedulerCommand
      • registerAlgorithmProvider
      • scheduleOne
      • findNodesThatFit
      • PrioritizeNodes
      • preempt
    • kube-apiserver
      • NewAPIServerCommand
  • Runtime
    • Runtime
      • Runc和Containerd概述
    • Containerd
      • 安装Containerd
    • Docker
      • Docker学习笔记
    • Kata Container
      • kata容器简介
      • kata配置
    • GPU
      • nvidia-device-plugin介绍
  • Etcd
    • Etcd介绍
    • Raft算法
    • Etcd启动配置参数
    • Etcd访问控制
    • etcdctl命令工具
      • etcdctl命令工具-V3
      • etcdctl命令工具-V2
    • Etcd中的k8s数据
    • Etcd-Operator的使用
  • 多集群管理
    • k8s多集群管理的思考
    • Virtual Kubelet
      • Virtual Kubelet介绍
      • Virtual Kubelet 命令
    • Karmada
      • Karmada介绍
  • 边缘容器
    • KubeEdge介绍
    • KubeEdge源码分析
      • cloudcore
      • edgecore
    • OpenYurt部署
  • 虚拟化
    • 虚拟化相关概念
    • KubeVirt
      • KubeVirt的介绍
      • KubeVirt的使用
  • 监控体系
    • 监控体系介绍
    • cAdvisor介绍
    • Heapster介绍
    • Influxdb介绍
由 GitBook 提供支持

www.huweihuang.com

在本页
  • 1. 安装cephfs客户端
  • 2. 部署RBAC
  • 2.1. ClusterRole
  • 2.2. ClusterRoleBinding
  • 2.3. Role
  • 2.4. RoleBinding
  • 2.5. ServiceAccount
  • 3. 部署 cephfs-provisioner
  • 4. 部署storageclass
  • 5. 部署statefulset
  • 6. 日志
  • 6.1. cephfs-provisoner 执行日志
  • 6.2. debug 日志

这有帮助吗?

在GitHub上编辑
  1. 容器存储
  2. CSI

部署cephfs-provisioner

1. 安装cephfs客户端

所有node节点安装cephfs客户端,主要用来和ceph集群挂载使用。

yum install -y ceph-common

2. 部署RBAC

2.1. ClusterRole

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: cephfs-provisioner
  namespace: cephfs
rules:
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "create", "delete"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["create", "update", "patch"]
  - apiGroups: [""]
    resources: ["services"]
    resourceNames: ["kube-dns","coredns"]
    verbs: ["list", "get"]

2.2. ClusterRoleBinding

kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: cephfs-provisioner
subjects:
  - kind: ServiceAccount
    name: cephfs-provisioner
    namespace: cephfs
roleRef:
  kind: ClusterRole
  name: cephfs-provisioner
  apiGroup: rbac.authorization.k8s.io

2.3. Role

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: cephfs-provisioner
  namespace: cephfs
rules:
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["create", "get", "delete"]
  - apiGroups: [""]
    resources: ["endpoints"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]

2.4. RoleBinding

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: cephfs-provisioner
  namespace: cephfs
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: cephfs-provisioner
subjects:
- kind: ServiceAccount
  name: cephfs-provisioner

2.5. ServiceAccount

apiVersion: v1
kind: ServiceAccount
metadata:
  name: cephfs-provisioner
  namespace: cephfs

3. 部署 cephfs-provisioner

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: cephfs-provisioner
  namespace: cephfs
spec:
  replicas: 1
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: cephfs-provisioner
    spec:
      containers:
      - name: cephfs-provisioner
        image: "quay.io/external_storage/cephfs-provisioner:latest"
        resources:
          limits:
            cpu: 500m
            memory: 512Mi
          requests:
            cpu: 100m
            memory: 64Mi        
        env:
        - name: PROVISIONER_NAME                # 与storageclass的provisioner参数相同
          value: ceph.com/cephfs
        - name: PROVISIONER_SECRET_NAMESPACE    # 与rbac的namespace相同
          value: cephfs
        command:
        - "/usr/local/bin/cephfs-provisioner"
        args:
        - "-id=cephfs-provisioner-1"
      serviceAccount: cephfs-provisioner

4. 部署storageclass

apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
   name: cephfs-provisioner-sc
provisioner: ceph.com/cephfs
volumeBindingMode: WaitForFirstConsumer
parameters:
  monitors: 192.168.27.43:6789,192.168.27.44:6789,192.168.27.45:6789
  adminId: admin
  adminSecretName: csi-cephfs-secret
  adminSecretNamespace: "kube-csi"
  claimRoot: /pvc-volumes

5. 部署statefulset

apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: cephfs-provisioner-nginx
spec:
  serviceName: "nginx"
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:latest   #nginx的镜像
        imagePullPolicy: IfNotPresent
        volumeMounts:
        - mountPath: "/mnt"      #容器里面的挂载目录,该目录挂载到NFS的共享目录上
          name: test
  volumeClaimTemplates:
  - metadata:
      name: test
    spec:
      accessModes: [ "ReadWriteOnce" ]
      resources:
        requests:
          storage: 2Gi
      storageClassName: cephfs-provisioner-sc

6. 日志

6.1. cephfs-provisoner 执行日志

I0327 07:18:19.742239       1 controller.go:987] provision "default/test-cephfs-ngx-wait-22-0" class "cephfs-provisioner-sc": started
I0327 07:18:19.745239       1 event.go:221] Event(v1.ObjectReference{Kind:"PersistentVolumeClaim", Namespace:"default", Name:"test-cephfs-ngx-wait-22-0", UID:"7f6b60d5-5060-11e9-9a9c-c81f66bcff65", APIVersion:"v1", ResourceVersion:"347214256", FieldPath:""}): type: 'Normal' reason: 'Provisioning' External provisioner is provisioning volume for claim "default/test-cephfs-ngx-wait-22-0"
I0327 07:18:23.281277       1 cephfs-provisioner.go:222] successfully created CephFS share &CephFSPersistentVolumeSource{Monitors:[192.168.27.43:6789 192.168.27.44:6789 192.168.27.45:6789],Path:/pvc-volumes/kubernetes/kubernetes-dynamic-pvc-7f7cb62f-5060-11e9-85c0-0adb8ef08100,User:kubernetes-dynamic-user-7f7cb69f-5060-11e9-85c0-0adb8ef08100,SecretFile:,SecretRef:&SecretReference{Name:ceph-kubernetes-dynamic-user-7f7cb69f-5060-11e9-85c0-0adb8ef08100-secret,Namespace:default,},ReadOnly:false,}
I0327 07:18:23.281371       1 controller.go:1087] provision "default/test-cephfs-ngx-wait-22-0" class "cephfs-provisioner-sc": volume "pvc-7f6b60d5-5060-11e9-9a9c-c81f66bcff65" provisioned
I0327 07:18:23.281415       1 controller.go:1101] provision "default/test-cephfs-ngx-wait-22-0" class "cephfs-provisioner-sc": trying to save persistentvvolume "pvc-7f6b60d5-5060-11e9-9a9c-c81f66bcff65"
I0327 07:18:23.284621       1 controller.go:1108] provision "default/test-cephfs-ngx-wait-22-0" class "cephfs-provisioner-sc": persistentvolume "pvc-7f6b60d5-5060-11e9-9a9c-c81f66bcff65" saved
I0327 07:18:23.284723       1 controller.go:1149] provision "default/test-cephfs-ngx-wait-22-0" class "cephfs-provisioner-sc": succeeded
I0327 07:18:23.284810       1 event.go:221] Event(v1.ObjectReference{Kind:"PersistentVolumeClaim", Namespace:"default", Name:"test-cephfs-ngx-wait-22-0", UID:"7f6b60d5-5060-11e9-9a9c-c81f66bcff65", APIVersion:"v1", ResourceVersion:"347214256", FieldPath:""}): type: 'Normal' reason: 'ProvisioningSucceeded' Successfully provisioned volume pvc-7f6b60d5-5060-11e9-9a9c-c81f66bcff65

6.2. debug 日志

I0327 08:08:11.789608       1 controller.go:987] provision "default/test-cephfs-ngx-wait-44-0" class "cephfs-sc-wait": started
I0327 08:08:11.793258       1 event.go:221] Event(v1.ObjectReference{Kind:"PersistentVolumeClaim", Namespace:"default", Name:"test-cephfs-ngx-wait-44-0", UID:"81846859-5067-11e9-9a9c-c81f66bcff65", APIVersion:"v1", ResourceVersion:"347237916", FieldPath:""}): type: 'Normal' reason: 'Provisioning' External provisioner is provisioning volume for claim "default/test-cephfs-ngx-wait-44-0"
E0327 08:08:12.164705       1 cephfs-provisioner.go:158] failed to provision share "kubernetes-dynamic-pvc-76ecdc5a-5067-11e9-9421-2a1b1be1aeef" for "kubernetes-dynamic-user-76ecdcee-5067-11e9-9421-2a1b1be1aeef", err: exit status 1, output: Traceback (most recent call last):
  File "/usr/local/bin/cephfs_provisioner", line 364, in <module>
    main()
  File "/usr/local/bin/cephfs_provisioner", line 358, in main
    print cephfs.create_share(share, user, size=size)
  File "/usr/local/bin/cephfs_provisioner", line 228, in create_share
    volume = self.volume_client.create_volume(volume_path, size=size, namespace_isolated=not self.ceph_namespace_isolation_disabled)
  File "/usr/local/bin/cephfs_provisioner", line 112, in volume_client
    self._volume_client.connect(None)
  File "/lib/python2.7/site-packages/ceph_volume_client.py", line 458, in connect
    self.rados.connect()
  File "rados.pyx", line 895, in rados.Rados.connect (/home/jenkins-build/build/workspace/ceph-build/ARCH/x86_64/AVAILABLE_ARCH/x86_64/AVAILABLE_DIST/centos7/DIST/centos7/MACHINE_SIZE/huge/release/13.2.1/rpm/el7/BUILD/ceph-13.2.1/build/src/pybind/rados/pyrex/rados.c:9815)
rados.IOError: [errno 5] error connecting to the cluster
W0327 08:08:12.164908       1 controller.go:746] Retrying syncing claim "default/test-cephfs-ngx-wait-44-0" because failures 2 < threshold 15
E0327 08:08:12.164977       1 controller.go:761] error syncing claim "default/test-cephfs-ngx-wait-44-0": failed to provision volume with StorageClass "cephfs-sc-wait": exit status 1
I0327 08:08:12.165974       1 event.go:221] Event(v1.ObjectReference{Kind:"PersistentVolumeClaim", Namespace:"default", Name:"test-cephfs-ngx-wait-44-0", UID:"81846859-5067-11e9-9a9c-c81f66bcff65", APIVersion:"v1", ResourceVersion:"347237916", FieldPath:""}): type: 'Warning' reason: 'ProvisioningFailed' failed to provision volume with StorageClass "cephfs-sc-wait": exit status 1

参考

  • https://github.com/kubernetes-incubator/external-storage/tree/master/ceph/cephfs/deploy

上一页部署csi-cephfs下一页FlexVolume介绍

最后更新于2年前

这有帮助吗?