Container Storage Interface (CSI) minangka antarmuka gabungan antarane Kubernetes lan sistem panyimpenan. Kita wis ngomong babagan sedhela
Artikel kasebut nyedhiyakake conto nyata, sanajan rada disederhanakake kanggo gampang dirasakake. Kita ora nganggep nginstal lan ngonfigurasi klompok Ceph lan Kubernetes.
Apa sampeyan kepingin weruh cara kerjane?
Dadi, sampeyan duwe kluster Kubernetes ing pucuk driji, disebarake, contone,
Yen sampeyan duwe kabeh iki, ayo!
Pisanan, ayo pindhah menyang salah sawijining simpul kluster Ceph lan priksa manawa kabeh wis rapi:
ceph health
ceph -s
Sabanjure, kita bakal langsung nggawe blumbang kanggo disk RBD:
ceph osd pool create kube 32
ceph osd pool application enable kube rbd
Ayo pindhah menyang kluster Kubernetes. Ing kana, pisanan, kita bakal nginstal driver Ceph CSI kanggo RBD. Kita bakal nginstal, kaya samesthine, liwat Helm.
Kita nambah repositori kanthi grafik, kita entuk set variabel kanggo grafik ceph-csi-rbd:
helm repo add ceph-csi https://ceph.github.io/csi-charts
helm inspect values ceph-csi/ceph-csi-rbd > cephrbd.yml
Saiki sampeyan kudu ngisi file cephrbd.yml. Kanggo nindakake iki, goleki ID kluster lan alamat IP monitor ing Ceph:
ceph fsid # ΡΠ°ΠΊ ΠΌΡ ΡΠ·Π½Π°Π΅ΠΌ clusterID
ceph mon dump # Π° ΡΠ°ΠΊ ΡΠ²ΠΈΠ΄ΠΈΠΌ IP-Π°Π΄ΡΠ΅ΡΠ° ΠΌΠΎΠ½ΠΈΡΠΎΡΠΎΠ²
Kita ketik nilai sing dipikolehi menyang file cephrbd.yml. Ing wektu sing padha, kita ngaktifake nggawe kabijakan PSP (Pod Security Policies). Pilihan ing bagean nodeplugin ΠΈ panyedhiya wis ana ing file, bisa didandani kaya ing ngisor iki:
csiConfig:
- clusterID: "bcd0d202-fba8-4352-b25d-75c89258d5ab"
monitors:
- "v2:172.18.8.5:3300/0,v1:172.18.8.5:6789/0"
- "v2:172.18.8.6:3300/0,v1:172.18.8.6:6789/0"
- "v2:172.18.8.7:3300/0,v1:172.18.8.7:6789/0"
nodeplugin:
podSecurityPolicy:
enabled: true
provisioner:
podSecurityPolicy:
enabled: true
Sabanjure, sing isih ana kanggo kita yaiku nginstal grafik ing kluster Kubernetes.
helm upgrade -i ceph-csi-rbd ceph-csi/ceph-csi-rbd -f cephrbd.yml -n ceph-csi-rbd --create-namespace
Apik, driver RBD bisa digunakake!
Ayo nggawe StorageClass anyar ing Kubernetes. Iki maneh mbutuhake dicokot saka tinkering karo Ceph.
Kita nggawe pangguna anyar ing Ceph lan menehi hak kanggo nulis menyang blumbang kubus:
ceph auth get-or-create client.rbdkube mon 'profile rbd' osd 'profile rbd pool=kube'
Saiki ayo ndeleng kunci akses isih ana:
ceph auth get-key client.rbdkube
Printah kasebut bakal ngasilake kaya iki:
AQCO9NJbhYipKRAAMqZsnqqS/T8OYQX20xIa9A==
Ayo nambahake nilai iki menyang Rahasia ing kluster Kubernetes - ing ngendi kita butuh userKey:
---
apiVersion: v1
kind: Secret
metadata:
name: csi-rbd-secret
namespace: ceph-csi-rbd
stringData:
# ΠΠ½Π°ΡΠ΅Π½ΠΈΡ ΠΊΠ»ΡΡΠ΅ΠΉ ΡΠΎΠΎΡΠ²Π΅ΡΡΡΠ²ΡΡΡ ΠΈΠΌΠ΅Π½ΠΈ ΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°ΡΠ΅Π»Ρ ΠΈ Π΅Π³ΠΎ ΠΊΠ»ΡΡΡ, ΠΊΠ°ΠΊ ΡΠΊΠ°Π·Π°Π½ΠΎ Π²
# ΠΊΠ»Π°ΡΡΠ΅ΡΠ΅ Ceph. ID ΡΠ·Π΅ΡΠ° Π΄ΠΎΠ»ΠΆΠ΅Π½ ΠΈΠΌΠ΅ΡΡ Π΄ΠΎΡΡΡΠΏ ΠΊ ΠΏΡΠ»Ρ,
# ΡΠΊΠ°Π·Π°Π½Π½ΠΎΠΌΡ Π² storage class
userID: rbdkube
userKey: <user-key>
Lan kita nggawe rahasia kita:
kubectl apply -f secret.yaml
Sabanjure, kita butuh manifest StorageClass kaya iki:
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: csi-rbd-sc
provisioner: rbd.csi.ceph.com
parameters:
clusterID: <cluster-id>
pool: kube
imageFeatures: layering
# ΠΡΠΈ ΡΠ΅ΠΊΡΠ΅ΡΡ Π΄ΠΎΠ»ΠΆΠ½Ρ ΡΠΎΠ΄Π΅ΡΠΆΠ°ΡΡ Π΄Π°Π½Π½ΡΠ΅ Π΄Π»Ρ Π°Π²ΡΠΎΡΠΈΠ·Π°ΡΠΈΠΈ
# Π² Π²Π°Ρ ΠΏΡΠ».
csi.storage.k8s.io/provisioner-secret-name: csi-rbd-secret
csi.storage.k8s.io/provisioner-secret-namespace: ceph-csi-rbd
csi.storage.k8s.io/controller-expand-secret-name: csi-rbd-secret
csi.storage.k8s.io/controller-expand-secret-namespace: ceph-csi-rbd
csi.storage.k8s.io/node-stage-secret-name: csi-rbd-secret
csi.storage.k8s.io/node-stage-secret-namespace: ceph-csi-rbd
csi.storage.k8s.io/fstype: ext4
reclaimPolicy: Delete
allowVolumeExpansion: true
mountOptions:
- discard
Perlu diisi clusterID, sing wis kita sinau dening tim ceph fsid, lan aplikasi manifest iki menyang cluster Kubernetes:
kubectl apply -f storageclass.yaml
Kanggo mriksa carane klompok bisa bebarengan, ayo nggawe PVC ing ngisor iki (Persistent Volume Claim):
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: rbd-pvc
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
storageClassName: csi-rbd-sc
Ayo langsung ndeleng kepiye Kubernetes nggawe volume sing dijaluk ing Ceph:
kubectl get pvc
kubectl get pv
Kabeh katon apik! Apa iki katon ing sisih Ceph?
Kita entuk dhaptar volume ing blumbang lan ndeleng informasi babagan volume:
rbd ls -p kube
rbd -p kube info csi-vol-eb3d257d-8c6c-11ea-bff5-6235e7640653 # ΡΡΡ, ΠΊΠΎΠ½Π΅ΡΠ½ΠΎ ΠΆΠ΅, Π±ΡΠ΄Π΅Ρ Π΄ΡΡΠ³ΠΎΠΉ ID ΡΠΎΠΌΠ°, ΠΊΠΎΡΠΎΡΡΠΉ Π²ΡΠ΄Π°Π»Π° ΠΏΡΠ΅Π΄ΡΠ΄ΡΡΠ°Ρ ΠΊΠΎΠΌΠ°Π½Π΄Π°
Saiki ayo ndeleng cara ngowahi ukuran volume RBD.
Ganti ukuran volume ing manifest pvc.yaml dadi 2Gi lan aplikasi:
kubectl apply -f pvc.yaml
Ayo ngenteni owah-owahan ditrapake lan deleng maneh ukuran volume.
rbd -p kube info csi-vol-eb3d257d-8c6c-11ea-bff5-6235e7640653
kubectl get pv
kubectl get pvc
Kita weruh yen ukuran PVC ora diganti. Kanggo ngerteni sebabe, sampeyan bisa takon Kubernetes kanggo katrangan YAML saka PVC:
kubectl get pvc rbd-pvc -o yaml
Mangkene masalahe:
pesen: Nunggu pangguna kanggo (re-) miwiti pod kanggo ngrampungake ukuran file sistem volume ing simpul. jinis: FileSystemResizePending
Sing, disk wis thukul, nanging sistem file ing iku ora.
Kanggo ngembangake sistem file, sampeyan kudu nambah volume. Ing negara kita, PVC / PV sing digawe saiki ora digunakake kanthi cara apa wae.
Kita bisa nggawe test Pod, contone kaya iki:
---
apiVersion: v1
kind: Pod
metadata:
name: csi-rbd-demo-pod
spec:
containers:
- name: web-server
image: nginx:1.17.6
volumeMounts:
- name: mypvc
mountPath: /data
volumes:
- name: mypvc
persistentVolumeClaim:
claimName: rbd-pvc
readOnly: false
Lan saiki ayo ndeleng PVC:
kubectl get pvc
Ukuran wis diganti, kabeh apik.
Ing bagΓ©yan pisanan, kita kerjo karo piranti pemblokiran RBD (sing tegese Rados Block Piranti), nanging iki ora bisa rampung yen microservices beda kudu bisa karo disk iki bebarengan. CephFS luwih cocog kanggo nggarap file tinimbang gambar disk.
Nggunakake conto klompok Ceph lan Kubernetes, kita bakal ngatur CSI lan entitas liyane sing perlu kanggo nggarap CephFS.
Ayo entuk nilai saka grafik Helm anyar sing dibutuhake:
helm inspect values ceph-csi/ceph-csi-cephfs > cephfs.yml
Maneh sampeyan kudu ngisi file cephfs.yml. Kaya sadurunge, perintah Ceph bakal mbantu:
ceph fsid
ceph mon dump
Isi file kasebut kanthi nilai kaya iki:
csiConfig:
- clusterID: "bcd0d202-fba8-4352-b25d-75c89258d5ab"
monitors:
- "172.18.8.5:6789"
- "172.18.8.6:6789"
- "172.18.8.7:6789"
nodeplugin:
httpMetrics:
enabled: true
containerPort: 8091
podSecurityPolicy:
enabled: true
provisioner:
replicaCount: 1
podSecurityPolicy:
enabled: true
Wigati dimangerteni manawa alamat monitor ditemtokake ing alamat formulir prasaja:port. Kanggo masang cephfs ing simpul, alamat kasebut ditransfer menyang modul kernel, sing durung ngerti cara nggarap protokol monitor v2.
Kita ngganti port kanggo httpMetrics (Prometheus bakal pindhah menyang kana kanggo ngawasi metrik) supaya ora konflik karo nginx-proxy, sing diinstal dening Kubespray. Sampeyan bisa uga ora mbutuhake iki.
Instal bagan Helm ing kluster Kubernetes:
helm upgrade -i ceph-csi-cephfs ceph-csi/ceph-csi-cephfs -f cephfs.yml -n ceph-csi-cephfs --create-namespace
Ayo menyang toko data Ceph kanggo nggawe pangguna sing kapisah ing kana. Dokumentasi kasebut nyatakake yen panyedhiya CephFS mbutuhake hak akses administrator cluster. Nanging kita bakal nggawe pangguna sing kapisah fs kanthi hak winates:
ceph auth get-or-create client.fs mon 'allow r' mgr 'allow rw' mds 'allow rws' osd 'allow rw pool=cephfs_data, allow rw pool=cephfs_metadata'
Lan ayo langsung ndeleng kunci aksese, mengko bakal dibutuhake:
ceph auth get-key client.fs
Ayo nggawe Secret lan StorageClass sing kapisah.
Ora ana sing anyar, kita wis ndeleng iki ing conto RBD:
---
apiVersion: v1
kind: Secret
metadata:
name: csi-cephfs-secret
namespace: ceph-csi-cephfs
stringData:
# ΠΠ΅ΠΎΠ±Ρ
ΠΎΠ΄ΠΈΠΌΠΎ Π΄Π»Ρ Π΄ΠΈΠ½Π°ΠΌΠΈΡΠ΅ΡΠΊΠΈ ΡΠΎΠ·Π΄Π°Π²Π°Π΅ΠΌΡΡ
ΡΠΎΠΌΠΎΠ²
adminID: fs
adminKey: <Π²ΡΠ²ΠΎΠ΄ ΠΏΡΠ΅Π΄ΡΠ΄ΡΡΠ΅ΠΉ ΠΊΠΎΠΌΠ°Π½Π΄Ρ>
Aplikasi manifest:
kubectl apply -f secret.yaml
Lan saiki - StorageClass sing kapisah:
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: csi-cephfs-sc
provisioner: cephfs.csi.ceph.com
parameters:
clusterID: <cluster-id>
# ΠΠΌΡ ΡΠ°ΠΉΠ»ΠΎΠ²ΠΎΠΉ ΡΠΈΡΡΠ΅ΠΌΡ CephFS, Π² ΠΊΠΎΡΠΎΡΠΎΠΉ Π±ΡΠ΄Π΅Ρ ΡΠΎΠ·Π΄Π°Π½ ΡΠΎΠΌ
fsName: cephfs
# (Π½Π΅ΠΎΠ±ΡΠ·Π°ΡΠ΅Π»ΡΠ½ΠΎ) ΠΡΠ» Ceph, Π² ΠΊΠΎΡΠΎΡΠΎΠΌ Π±ΡΠ΄ΡΡ Ρ
ΡΠ°Π½ΠΈΡΡΡΡ Π΄Π°Π½Π½ΡΠ΅ ΡΠΎΠΌΠ°
# pool: cephfs_data
# (Π½Π΅ΠΎΠ±ΡΠ·Π°ΡΠ΅Π»ΡΠ½ΠΎ) Π Π°Π·Π΄Π΅Π»Π΅Π½Π½ΡΠ΅ Π·Π°ΠΏΡΡΡΠΌΠΈ ΠΎΠΏΡΠΈΠΈ ΠΌΠΎΠ½ΡΠΈΡΠΎΠ²Π°Π½ΠΈΡ Π΄Π»Ρ Ceph-fuse
# Π½Π°ΠΏΡΠΈΠΌΠ΅Ρ:
# fuseMountOptions: debug
# (Π½Π΅ΠΎΠ±ΡΠ·Π°ΡΠ΅Π»ΡΠ½ΠΎ) Π Π°Π·Π΄Π΅Π»Π΅Π½Π½ΡΠ΅ Π·Π°ΠΏΡΡΡΠΌΠΈ ΠΎΠΏΡΠΈΠΈ ΠΌΠΎΠ½ΡΠΈΡΠΎΠ²Π°Π½ΠΈΡ CephFS Π΄Π»Ρ ΡΠ΄ΡΠ°
# Π‘ΠΌ. man mount.ceph ΡΡΠΎΠ±Ρ ΡΠ·Π½Π°ΡΡ ΡΠΏΠΈΡΠΎΠΊ ΡΡΠΈΡ
ΠΎΠΏΡΠΈΠΉ. ΠΠ°ΠΏΡΠΈΠΌΠ΅Ρ:
# kernelMountOptions: readdir_max_bytes=1048576,norbytes
# Π‘Π΅ΠΊΡΠ΅ΡΡ Π΄ΠΎΠ»ΠΆΠ½Ρ ΡΠΎΠ΄Π΅ΡΠΆΠ°ΡΡ Π΄ΠΎΡΡΡΠΏΡ Π΄Π»Ρ Π°Π΄ΠΌΠΈΠ½Π° ΠΈ/ΠΈΠ»ΠΈ ΡΠ·Π΅ΡΠ° Ceph.
csi.storage.k8s.io/provisioner-secret-name: csi-cephfs-secret
csi.storage.k8s.io/provisioner-secret-namespace: ceph-csi-cephfs
csi.storage.k8s.io/controller-expand-secret-name: csi-cephfs-secret
csi.storage.k8s.io/controller-expand-secret-namespace: ceph-csi-cephfs
csi.storage.k8s.io/node-stage-secret-name: csi-cephfs-secret
csi.storage.k8s.io/node-stage-secret-namespace: ceph-csi-cephfs
# (Π½Π΅ΠΎΠ±ΡΠ·Π°ΡΠ΅Π»ΡΠ½ΠΎ) ΠΡΠ°ΠΉΠ²Π΅Ρ ΠΌΠΎΠΆΠ΅Ρ ΠΈΡΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°ΡΡ Π»ΠΈΠ±ΠΎ ceph-fuse (fuse),
# Π»ΠΈΠ±ΠΎ ceph kernelclient (kernel).
# ΠΡΠ»ΠΈ Π½Π΅ ΡΠΊΠ°Π·Π°Π½ΠΎ, Π±ΡΠ΄Π΅Ρ ΠΈΡΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°ΡΡΡΡ ΠΌΠΎΠ½ΡΠΈΡΠΎΠ²Π°Π½ΠΈΠ΅ ΡΠΎΠΌΠΎΠ² ΠΏΠΎ ΡΠΌΠΎΠ»ΡΠ°Π½ΠΈΡ,
# ΡΡΠΎ ΠΎΠΏΡΠ΅Π΄Π΅Π»ΡΠ΅ΡΡΡ ΠΏΠΎΠΈΡΠΊΠΎΠΌ ceph-fuse ΠΈ mount.ceph
# mounter: kernel
reclaimPolicy: Delete
allowVolumeExpansion: true
mountOptions:
- debug
Ayo ngisi kene clusterID lan ditrapake ing Kubernetes:
kubectl apply -f storageclass.yaml
pengawasan
Kanggo mriksa, kaya ing conto sadurunge, ayo nggawe PVC:
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: csi-cephfs-pvc
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 5Gi
storageClassName: csi-cephfs-sc
Lan priksa ananΓ© PVC / PV:
kubectl get pvc
kubectl get pv
Yen sampeyan pengin ndeleng file lan direktori ing CephFS, sampeyan bisa nginstal sistem file iki nang endi wae. Contone kaya ing ngisor iki.
Ayo menyang salah sawijining simpul kluster Ceph lan tindakake tumindak ing ngisor iki:
# Π’ΠΎΡΠΊΠ° ΠΌΠΎΠ½ΡΠΈΡΠΎΠ²Π°Π½ΠΈΡ
mkdir -p /mnt/cephfs
# Π‘ΠΎΠ·Π΄Π°ΡΠΌ ΡΠ°ΠΉΠ» Ρ ΠΊΠ»ΡΡΠΎΠΌ Π°Π΄ΠΌΠΈΠ½ΠΈΡΡΡΠ°ΡΠΎΡΠ°
ceph auth get-key client.admin >/etc/ceph/secret.key
# ΠΠΎΠ±Π°Π²Π»ΡΠ΅ΠΌ Π·Π°ΠΏΠΈΡΡ Π² /etc/fstab
# !! ΠΠ·ΠΌΠ΅Π½ΡΠ΅ΠΌ ip Π°Π΄ΡΠ΅Ρ Π½Π° Π°Π΄ΡΠ΅Ρ Π½Π°ΡΠ΅Π³ΠΎ ΡΠ·Π»Π°
echo "172.18.8.6:6789:/ /mnt/cephfs ceph name=admin,secretfile=/etc/ceph/secret.key,noatime,_netdev 0 2" >> /etc/fstab
mount /mnt/cephfs
Mesthine, masang FS ing simpul Ceph kaya iki mung cocok kanggo tujuan latihan, yaiku apa sing ditindakake ing
Lan pungkasane, ayo mriksa cara kerjane kanthi ngowahi ukuran volume ing kasus CephFS. Ayo bali menyang Kubernetes lan nyunting manifest kanggo PVC - nambah ukuran ing kana, contone, menyang 7Gi.
Ayo aplikasi file sing wis diowahi:
kubectl apply -f pvc.yaml
Ayo ndeleng direktori sing dipasang kanggo ndeleng carane kuota wis diganti:
getfattr -n ceph.quota.max_bytes <ΠΊΠ°ΡΠ°Π»ΠΎΠ³-Ρ-Π΄Π°Π½Π½ΡΠΌΠΈ>
Supaya printah iki bisa, sampeyan bisa uga kudu nginstal paket ing sistem attr.
Mripat wedi, nanging tangan nindakake
Kabeh mantra iki lan manifests YAML dawa katon rumit ing lumahing, nanging ing laku, siswa Slurm njaluk nggantung mau cantik cepet.
Ing artikel iki, kita ora mlebu ing alas - ana dokumentasi resmi babagan iki. Yen sampeyan kepengin weruh rincian nyetel panyimpenan Ceph karo kluster Kubernetes, pranala iki bakal mbantu:
Ing kursus Slurm
Lan yen sampeyan luwih kasengsem ing panyimpenan data, banjur mlebu
Penulis artikel: Alexander Shvalov, insinyur praktik
Source: www.habr.com