kubernetes ceph-rbd掛載步驟 類型storageClass

由於kubelet本身並不支持rbd的命令，所以需要添加一個kube系統插件:

 下載插件 quay.io/external_storage/rbd-provisioner

下載地址： 

https://quay.io/repository/external_storage/rbd-provisioner?tag=latest&tab=tags

在k8s集群的node上面下載 docker pull quay.io/external_storage/rbd-provisioner:latest

只安裝插件本身會報錯:需要安裝kube的角色和權限 以下是下載地址：

https://github.com/kubernetes-incubator/external-storage  

https://github.com/kubernetes-incubator/external-storage/tree/master/ceph/rbd/deploy/rbac #下載kube的role的yaml文件

下載rbac文件夾：

使用：  kubectl  apply  -f rbac/

運行rbd-provisioner

如果報錯：

報錯因為rbd-provisioner的鏡像中不能找到ceph的key和conf，需要把集群中key和conf拷貝進rbd-provisioner的鏡像。

找到rbd-provisioner的鏡像運行節點

docker cp  /etc/ceph/ceph.client.admin.keyring  <鏡像名>：/etc/ceph/

docker cp  /etc/ceph/ceph.conf  <鏡像名>：/etc/ceph/

如果又報錯：

一直處於Pending，因為linux內核不支持 image format 1，所以我們要在sc中加入新建鏡像時給他規定鏡像的格式為2

在stroageclass中添加：

                                    imageFormat: "2"

                                    imageFeatures: "layering"

這樣pvc就創建成功：

 

安裝插件及角色（rbac）：

#clusterrole.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: rbd-provisioner
rules:
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "create", "delete"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["list", "watch", "create", "update", "patch"]
  - apiGroups: [""]
    resources: ["services"]
    resourceNames: ["kube-dns"]
    verbs: ["list", "get"]
#clusterrolebinding.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: rbd-provisioner
subjects:
  - kind: ServiceAccount
    name: rbd-provisioner
    namespace: default
roleRef:
  kind: ClusterRole
  name: rbd-provisioner
  apiGroup: rbac.authorization.k8s.io
#deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: rbd-provisioner
spec:
  replicas: 1
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: rbd-provisioner
    spec:
      containers:
      - name: rbd-provisioner
        image: "quay.io/external_storage/rbd-provisioner:latest"
        env:
        - name: PROVISIONER_NAME
          value: ceph.com/rbd    #定義插件的名字
      serviceAccount: rbd-provisioner
#role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: rbd-provisioner
rules:
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get"]
#rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: rbd-provisioner
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: rbd-provisioner
subjects:
- kind: ServiceAccount
  name: rbd-provisioner
  namespace: default
#serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: rbd-provisioner

　　

創建storageClass：

kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: rbd 
provisioner: ceph.com/rbd    #使用插件來生成sc
parameters:
  monitors: 10.101.3.9:6789,10.101.3.11:6789,10.101.3.12:6789
  adminId: admin
  adminSecretName: ceph-k-secret
  adminSecretNamespace: default  #這里使用default 如果使用其他就要修改還要修改插件中的
  pool: rbd
  userId: admin
  userSecretName: ceph-k-secret
  fsType: ext4
  imageFormat: "2"
  imageFeatures: "layering"

　　

創建PVC：

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: ceph-rbd-dyn-pv-claim
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: rbd
  resources:
    requests:
      storage: 1Gi